IBM Enterprise Records, Version 5.1.2    

Viewing audit log entries

You can view entries in the audit log using IBM® Administration Console for Content Platform Engine. You can also view audit entries for an entity using the history view of the IBM Enterprise Records application.

About this task

Using IBM Administration Console for Content Platform Engine

In addition to performing this procedure, you can retrieve, view, and operate on audit log entries using the auditing-related Saved Searches included in IBM Administration Console for Content Platform Engine.

Procedure

To view the audit log entries:

  1. Log on to IBM Administration Console for Content Platform Engine as System Administrator.
  2. Expand the node for the object store that contains the audit log you want to view.
  3. Right-click the Search Results node and select New Search from the menu to open the Query Builder.
  4. Select either the RMAudit object, the Event object, or a specific event type object, such as FileEvent, from the Select from Table menu list box. The query builder shows all columns defined in the selected table in the Select Columns window.
  5. By default, all the properties listed in the Select Columns menu display in the search results. You can optionally select only those properties you want to include in the search results.
  6. Click OK to start the search for audit log entries.

Results

After the Query Builder runs the search query, the details pane shows the objects that match the criteria you specified. The details pane shows the columns of properties from the selected object table. Double-click the results to view the audit log.

To view entries for a specific entity type, open the Properties page for the class of the entity. Click the Properties tab. Select the property value (the GUID) for the Primary ID property. Then right-click and Copy the value. In Step 5 earlier, specify the search criteria as follows: SourceClassId as the Column, Equal To as the Condition, and the GUID you copied as the Value. In a similar fashion, you can view entries for a specific entity by browsing to that entity in IBM Administration Console for Content Platform Engine, then copying its ID property. Alternatively, open the Properties page of the entity and click the Audit History tab.

Using the IBM Enterprise Records History View

Only a Records Administrator can view audit log entries using the History view.

To use the History view:
  1. From the IBM Enterprise Records application, browse the file plan to access the entity whose audit history you want to see.
  2. To show the Information page of the entity, click the Get Info icon.
  3. Click the History link.
  4. Select the check boxes for the types of events you want to see for the selected entity.
  5. Specify the criteria:
    1. Click the calendar icons to enter the period for which you want to show events.
    2. Select either AND or OR as the conditional operator. If you select AND, then you see only those events that match the criteria specified in both the Event Date and Initiated By fields. If you select OR, then you see the events that match the criteria specified in either the Event Date or Initiated By fields.
    3. Click Select User to specify the user who initiated the events.
    4. Select either AND or OR for the results of the previous two conditions and Event Status.
    5. Select either Success or Failure from the Event Status list box to show either successful or failed events.
  6. Specify a number in the Max Results text box. This result is the maximum number of events that you want to show in a page.
    Attention: If you specify zero (0) as the maximum results value, then you see all the events available in the audit history for the entity.
  7. Click Search to search and display events based on the specified criteria, or click Clear to clear the search criteria that you specified on this page.
  8. Click Exit to close the page.


Feedback

Last updated: November 2013
track_entities.htm

© Copyright IBM Corporation 2013