Viewing the Audit Log
To view the Audit Log, log in to the Management Tool, and click the Audit Log navigation link on the left.
The Audit Log page displays a transaction log of all actions that users have performed in the Management Tool. The grid contains the following data in the corresponding columns:
• Time: The date & time the action was performed.
• User Name: The user name of the user who performed the action.
• User Groups: The list of user groups that the user belongs to.
• Category: The category that the action performed belongs to.
• Action: The action performed.
• Object: A list of the objects affected by the action.
• Details: Additional information about the action performed.
To change the number of records displayed per page, click 10/50/100/200 at the bottom of the page.
To change the page number displayed, click the required page number at the bottom of the page.
All actions performed by users in the Management Tool are grouped into categories, including the following, each of which contains the information described:
1. Alert management: Information on the alert configuration being changed, as well as the export, import, and deletion of old alerts and the creation of new ones, and changing the Global Alert settings.
2. Alert player viewing: Information on viewing alert events in the Alert Viewer by a user.
NOTE: The Alert Viewer was deprecated in Ekran System version 6.58.1, so actions in the "Alert player viewing" category can no longer be added to the transaction log.
3. Archived sessions viewing: Information on the archived sessions opened in the Session Viewer or exported using Forensic Export.
4. Client editing: Information on the Client configuration being changed (multiple configuration changes are combined into a single log entry).
5. Client group management: Information on the Client Group configuration being changed, as well as the deletion of old Client Groups and the creation of new ones.
6. Client installation/uninstallation: Information on installation and uninstallation of Clients performed by a user, as well as the Client Uninstallation key being changed.
7. Database cleanup: Information on manual and scheduled cleanup performed and changes made to the Archive & Cleanup settings by a user.
8. Database management: Information on database shrinking, database archive & cleanup, and updates of statistics performed by a user.
9. Date & time format: Information on the Date & Time Format settings being changed.
10. Diagnostics: Information on the downloading of the Application Server and Management Tool log files by a user.
11. Email sending settings: Information on the Email Sending settings being changed.
12. Forensic export: Information on users performing Forensic Export, and downloading and deleting the results of Forensic Export, as well as validating those results.
13. Health monitoring: Information on error event records being deleted in the System State grid on the Health Monitoring page.
14. Interactive monitoring: Information on Clients, users on Client computers, and the time period for which Application Monitoring and URL Monitoring charts were generated.
15. Kernel-level USB monitoring: Information on USB Monitoring & Blocking rules changed by a user, as well as the deletion of old rules and the creation of new ones.
16. LDAP targets: Information on LDAP targets added, edited, and deleted.
17. Log in / Log off: Information on users logging in / logging off (including the Management Tool being closed, sessions expiring, etc.).
18. Log settings: Information on log settings being changed.
19. One-time passwords: Information on one-time passwords generated, used, expired and manually terminated.
20. Report generation: Information on reports generated by a user, both using the Report Generator and from Scheduled Report rules, as well as information on the reports generated being downloaded by specific users.
21. Scheduled report management: Information on Scheduled Report rules being changed by a user, as well as the deletion of old rules and the creation of new ones.
22. Serial key management: Information on the adding, activation, and deactivation of serial keys by a user.
23. Session viewing: Information on the sessions opened in the Session Viewer by a user.
24. Ticketing system integration: Information on Ticketing System Integration being enabled or disabled, and on the ticketing system access parameters being edited.
25. Two-factor authentication: Information on users being added or deleted on the Two-Factor Authentication page, and on editing of two-factor authentication keys.
26. User blocking: Information on users added to and removed from the Blocked Users list.
27. User group management: Information on the user group configuration being changed by a user, as well as the deletion of old user groups and the creation of new ones, and changing the Client and administrative permissions.
28. User management: Information on the user configuration being changed by a user, as well as the deletion of old users and the creation of new ones, and changing the Client and administrative permissions.