Logs & Monitoring
Monitor access activity, configuration changes, and security events.
Log tabs overview
The Logs section has four tabs:
| Tab | What it shows |
|---|---|
| Traffic | Every connection attempt through the GSA client — who accessed what, when, and whether it was allowed |
| Audit | Configuration changes made to GSA settings in Microsoft Entra |
| Local Audit | Changes made through the Cetegra console specifically |
| Security Alerts | Security events and policy violations from Entra Network Access monitoring |
Traffic logs
Traffic logs record every connection attempt through the GSA client. As a viewer, you can use these logs to:
- Confirm whether a user successfully reached a resource
- Find out why access was blocked
- Audit which resources have been accessed and by whom
Available filters:
| Filter | Use |
|---|---|
| Time range | Narrow to a specific period |
| Source IP | The user’s external IP address |
| Destination | Internal hostname, IP, or range |
| User | Filter by name or UPN |
| Application | Filter by enterprise application |
| Outcome | Allowed or Blocked |
Common lookups:
Is a user reaching a specific resource?
Filter by username and destination. Look for Allowed entries with the correct destination and port.
Why is access being blocked?
Filter by username and Blocked outcome. The log entry includes the reason — policy, no matching segment, no active connector, etc.
Who accessed a specific server over the past week? Filter by destination and set the time range to the relevant period.
Audit logs
The Audit tab shows configuration changes in Microsoft Entra scoped to GSA and Application Proxy. Useful for answering questions like:
- “When was this application last modified?”
- “Who changed the network segments on this connection?”
- “When was a new access group created?”
Each entry shows who made the change, what changed, when, and the operation type (create, update, delete).
Local audit logs
The Local Audit tab shows changes made specifically through the Cetegra console (not changes made directly in Entra). This is useful when you need to attribute a configuration change to a specific console user.
Each entry includes:
- Timestamp
- User who made the change (UPN)
- What resource was affected
- Operation type (create, update, delete)
- A Correlation ID for cross-referencing with the Entra audit log
Security alerts
The Security Alerts tab surfaces events from Microsoft Entra Network Access monitoring. Alerts are grouped by severity:
| Severity | Typical meaning |
|---|---|
| Critical | Access disruption or critical security gap — escalate immediately |
| High | Significant issue requiring prompt attention |
| Medium | Should be reviewed, but not immediately blocking |
| Low | Informational — review periodically |
Alert types include dependency issues (missing connectors or policies), secret expiry warnings, version issues, and licensing gaps.
If you see Critical or High alerts, report them to your Cetegra administrator promptly.
Jobs
Background import and sync operations are tracked in the Jobs section.
| Status | Meaning |
|---|---|
| Queued | Waiting to start |
| Running | In progress |
| Completed | Finished successfully |
| Failed | Encountered an error |
Jobs are initiated by Cetegra administrators. If a job shows as Failed, report it to your Cetegra administrator along with the job timestamp and any error message shown.