Authentication logs display information about authentication
events that occur when end users try to access network resources
for which access is controlled by Authentication Policy rules.
You can use this information to help troubleshoot access issues
and to adjust your Authentication policy as needed. In conjunction
with correlation objects, you can also use Authentication logs to
identify suspicious activity on your network, such as brute force
Optionally, you can configure Authentication rules to log timeout
events. These timeouts relate to the period when a user need authenticate
for a resource only once but can access it repeatedly. Seeing information
about the timeouts helps you decide if and how to adjust them (for
details, see Authentication Timestamps).
System logs record authentication events relating to GlobalProtect
and to administrator access to the web interface.