Audit Log |
Audit log allows to view the list of events and changes carried via the control subsystems of Dr.Web Enterprise Security Suite. To view the audit log 1.Select the item in the main menu of the Control Center. 2.In the opened window, select the item of the control menu. 3.Window with the registered actions table opens. To configure viewing the log, specify on the toolbar the time period during which the actions have been performed. For this, you can select one of the proposed periods or specify arbitrary dates in the calendars which are opened on clicking the dates fields. Click to display the log for the selected dates. 4.The log table contains the following data: •—date and time when the action has been performed. •—login of the Server administrator. It is specified if the action was initiated directly by administrator or during connection to the Server according to the administrator credentials. •—IP address from which the action execution has been initiated. It is specified only in case of an external connection to the Server, particularly via the Control Center or via the Web API. •—the name of the subsystem by which or via which the action has been initiated. The audit is logged for the following subsystems: ▫—the action was performed via Dr.Web Security Control Center, particularly by administrator. ▫—the action was performed via the Web API, e.g., from an external software connected according to the administrator credentials (see also the document, p. Appendix L. Integration of Web API and Dr.Web Enterprise Security Suite). ▫—the action was performed by Dr.Web Server, e.g., according to its schedule. ▫—the action is initiated via the external utilities, particularly via Dr.Web Server remote diagnostics utility. •—the brief result of the action performing: ▫—operation successfully executed. ▫—an error occurred during the operation execution. Operation is not executed. ▫—operation execution is initiated. The result of operation execution will be known just after its completion. ▫—administrator that launched the operation execution has no permissions to execute this operation. ▫—action execution is postponed until a certain period or performing of a certain event. ▫—execution of the requested action is prohibited. For example, deleting of system groups.
•—the action description. 5.If necessary, you can export data for the specified period into a file. To do this, click on the the following buttons on the toolbar: , , , . |