Viewing the Audit Log
To view the Audit log, log in to the Management Tool, and click the Audit Log navigation link (on the left).
The Audit Log page lists of all users’ actions which have been performed in the Management Tool, and are displayed in the transaction log in the grid, which contains the following data in the corresponding columns:
• Time: The date & time when the action was performed.
• User Name: The user name of the user who performed the action.
• User Groups: The list of user groups that the user belongs to.
• Category: The category that the action performed belongs to.
• Action: The action performed.
• Object: A list of the objects affected by the action.
• Details: Additional information about the action performed.
To change the number of records displayed per page, click 10/50/100/200 (in the bottom right of the page).
To change the page number displayed, click the required page number (in the bottom left of the page).
All actions performed by users in the Management Tool are grouped into categories, including (but not limited to) the ones listed below, which contain the following information:
1. Alert management: Information on the alert configuration being changed, as well as the export, import, and deletion of old alerts and the creation of new ones, and changing the Global Alert settings.
2. Alert player viewing: Information on viewing alert events in the Alert Viewer by a user.
NOTE: The Alert Viewer was deprecated in Ekran System version 6.58.1, and therefore actions in the "Alert player viewing" category are longer be added to the transaction log.
3. Archived sessions viewing: Information on the archived sessions being opened in the Session Viewer or exported using Forensic Export.
4. Client editing: Information on the Client configuration being changed (multiple configuration changes are combined into a single log entry).
5. Client group management: Information on the Client Group configuration being changed, as well as the deletion of old Client Groups and the creation of new ones.
6. Client installation/uninstallation: Information on installation and uninstallation of Clients being performed by a user, as well as the Client Uninstallation key being changed.
7. Dashboards: Information on Clients, users on Client computers, and the time period for which the user productivity charts were generated
8. Database cleanup: Information on manual and scheduled cleanup being performed, and changes made to the Archive & Cleanup settings by a user.
9. Database management: Information on database shrinking, database archive & cleanup, and updates of statistics performed by a user.
10. Date & time format: Information on the Date & Time Format settings being changed.
11. Diagnostics: Information on the downloading of the Application Server and Management Tool log files by a user.
12. Email sending settings: Information on the Email Sending settings being changed.
13. Forensic export: Information on users performing Forensic Export, and downloading and deleting the results of Forensic Export, as well as validating those results.
14. Health monitoring: Information on error event records being deleted in the System State grid on the Health Monitoring page.
15. USB monitoring: Information on USB Monitoring & Blocking rules being changed by a user, as well as the deletion of old rules and the creation of new ones.
16. LDAP targets: Information on LDAP targets being added, edited, and deleted.
17. Log in / Log off: Information on users logging in / logging off (including the Management Tool being closed, sessions expiring, etc).
18. Log settings: Information on log settings being changed.
19. One-time passwords: Information on one-time passwords being generated, used, expired and manually terminated.
20. Report generation: Information on reports being generated by a user, both using the Report Generator and from Scheduled Report rules, as well as information on the reports generated being downloaded by specific users.
21. Scheduled report management: Information on Scheduled Report rules being changed by a user, as well as the deletion of old rules and the creation of new ones.
22. Secret manager: Information on user actions performed with secrets (and the folders that contain them) while managing them (on the Password Managment page), and well as on using them.
23. Serial key management: Information on the adding, activation, and deactivation of serial keys by a user.
24. Session viewing: Information on sessions being opened (i.e. viewed in the Session Viewer) by Management Tool users.
25. Ticketing system integration: Information on Ticketing System Integration being enabled or disabled, and on the ticketing system access parameters being edited.
26. Two-factor authentication: Information on users being added or deleted on the Two-Factor Authentication page, and on editing of two-factor authentication keys.
27. User blocking: Information on users being added to and removed from the Blocked Users list.
28. User group management: Information on user group configurations being changed by a user, as well as the deletion of old user groups and the creation of new ones, and changing the Client and administrative permissions.
29. User management: Information on user configurations being changed by a user, as well as the deletion of old users and the creation of new ones, and changing the Client and administrative permissions.