Records
This section describes the logs of Google Workspace events. Whenever an action is performed on an endpoint, an event is logged. The actions can be rotate keys, create endpoint, delete endpoint, wrap, unwrap, and unwrap takeout.
These logs are visible under Records on the CCKM GUI. These records are also displayed on the CipherTrust Manager GUI under Records > Server Records.
Filtering Records
Use the "Search by" box to search for Google Workspace CSE records by the Requested By or Source IP column. The records can also be filtered using the on-screen filters. Click the Filter icon (
), select/clear the desired option, and click OK. When a filter is applied, the icon changes to (
).
Viewing Google Workspace CSE Events
To view Google Workspace CSE events:
Open the Cloud Key Manager Application.
In the left pane, click Records > Google Workspace CSE.
The following details are shown:
| Column | Description |
|---|---|
| Severity | Severity of the event. The severity can be: • Info • Warning • Error • Critical |
| Requested By | User who requested the action. |
| Action | Name of the action logged. The action can be: • Wrap • Unwrap • Takeout Unwrap |
| Source IP | IP address of the machine where the action is performed. |
| Timestamp | Time when the action is performed. |
To view more details about an event, click the corresponding expand icon (
) to the left of the Severity column.
Note
In some cases, you might see the following error:invalid authorization token - cause: untrusted authentication token: square/go-jose/jwt: validation field, token issued in the future (iat)
To resolve this issue, add the Google NTP server to the CipherTrust Manager (Admin Settings > NTPs).
