Enable Generate Event Log Files Control
Control Name
Event Monitoring Settings (Enable 'Generate event log files')
Control Overview
Foundational setting that activates generation of detailed Event Log Files (ELFs) capturing comprehensive user and system activity across the org for security monitoring, compliance, and forensic analysis.
Description
When enabled in Setup > Event Monitoring Settings, Salesforce begins logging 50+ event types (URI, API, LoginGeo, ReportEvent, BulkDataServicesEvent, and so on) to Big Objects, with retention ranging from 1 to 24 months. This setting is a prerequisite for analytics, streaming, and external SIEM integration.
Recommended Configuration
Enable 'Generate event log files' as the first step in any Event Monitoring deployment (requires Shield/Event Monitoring add-on license).
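One way to confirm that the setting is producing log files once enabled, as an added example that is not Salesforce's own code: it takes the records of an EventLogFile query and lists the days on which a watched event type has no log file. The sample rows, the watched types, and the function names are constructed for illustration, and counting a zero-length file as a gap is an assumption of this example.

```python
from datetime import date, timedelta

# Constructed sample: the "records" array returned by a query such as
#   SELECT EventType, LogDate, LogFileLength FROM EventLogFile
# The object and field names are standard; the rows below are made up.
SAMPLE_RECORDS = [
    {"EventType": "URI", "LogDate": "2024-05-01T00:00:00.000+0000", "LogFileLength": 48211.0},
    {"EventType": "URI", "LogDate": "2024-05-02T00:00:00.000+0000", "LogFileLength": 51003.0},
    {"EventType": "URI", "LogDate": "2024-05-03T00:00:00.000+0000", "LogFileLength": 0.0},
    {"EventType": "API", "LogDate": "2024-05-01T00:00:00.000+0000", "LogFileLength": 9120.0},
    {"EventType": "API", "LogDate": "2024-05-03T00:00:00.000+0000", "LogFileLength": 8874.0},
]


def coverage_gaps(records, expected_types, start, end):
    """Return {event_type: [dates without a non-empty log file]} for start..end inclusive."""
    seen = set()
    for rec in records:
        # Assumption: a zero-length file is not evidence that events were captured.
        if (rec.get("LogFileLength") or 0) > 0:
            seen.add((rec["EventType"], date.fromisoformat(rec["LogDate"][:10])))
    days = [start + timedelta(days=n) for n in range((end - start).days + 1)]
    gaps = {}
    for etype in expected_types:
        missing = [d for d in days if (etype, d) not in seen]
        if missing:
            gaps[etype] = missing
    return gaps


def generation_looks_enabled(records, expected_types, start, end):
    """False when every watched type is missing for the entire window."""
    gaps = coverage_gaps(records, expected_types, start, end)
    window = (end - start).days + 1
    return not all(len(gaps.get(t, [])) == window for t in expected_types)


if __name__ == "__main__":
    found = coverage_gaps(SAMPLE_RECORDS, ["URI", "API"], date(2024, 5, 1), date(2024, 5, 3))
    for etype, missing in found.items():
        print(etype, "missing:", ", ".join(d.isoformat() for d in missing))
```

A window in which every watched type is missing points to the setting being off or the license lapsed; isolated gaps are worth comparing against actual activity for that type before alerting.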
Security Impact
Provides complete visibility into all user actions, data access patterns, and system events, enabling detection of insider threats, brute force attacks, anomalous exports, and configuration abuse.
Business Impact
Establishes org-wide security telemetry foundation supporting SIEM integration, UEBA, compliance reporting, and operational analytics without third-party data exports.
Security Risk If Not Configured
With event log file generation disabled, the org loses its primary detection capability for user behavior monitoring and incident response.
Threat Scenarios
Complete blind spot to malicious insider activity, privilege abuse, data exfiltration via reports/APIs, account compromise indicators, and reconnaissance patterns; attackers operate undetected.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
No mitigation substitutes for ELFs. Impact scales exponentially with user count, external access, and regulated data; storage costs are manageable compared with the costs of a breach or compliance failure.
Higher Risk When
External users and portals are enabled; the org holds high-value data (PHI, PII, financial); integrations are API-heavy; or there is a history of security incidents requiring forensic reconstruction.
Low Risk When
Single small internal admin team with no external access and simple configuration; even then, recommended for baseline visibility.
Business and Integration Considerations
Enable immediately upon acquiring an Event Monitoring license. Plan Big Object storage and downstream consumer permissions before activation.
Security Health Review Guidance
Must have.
Who Is Impacted
All Salesforce users (internal and external), security operations, compliance teams, auditors, and any systems consuming event data via API/export.

