Security Event Auditing

Salesforce B2C Commerce provides various log files, including a security log. The security log contains log entries for Business Manager logins.

All Salesforce systems used to provision B2C Commerce Services—including firewalls, routers, network switches, and operating systems—log information to your respective system log facility or a centralized log collection server to enable security reviews and analysis. Security logs give you security situational awareness. By downloading and collecting logs available on your instances, you can better investigate and share information in the event of a security-related issue, including fraud, abuse, or other suspicious behavior. Security log information can help you determine who, what, when, and how a cyber attack occurred.

Security log files are located at the following URL. https://<instance-name>/on/demandware.servlet/webdav/Sites/Securitylogs

Security log entries can look like the sample entry shown below.

[2015-10-28 02:23:19.139 GMT] [DW-SEC] (User: 'username' (Sites), IP: 100.100.10.100 [LOGIN] : logged in.)

The security log also includes the following information.

Log files are captured daily, stored for 30 days, and then automatically deleted. If needed, you can delete log files more frequently using WebDAV. After five days, the log files are moved into a Log/Archive directory and compressed into .zip files. If you want to retain log files longer than 30 days, you must download the files and store them locally.

X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.