There is a lot of information concerning the auditing features, event, and logs available in an IBM® Enterprise Records environment as well as how to configure and use these features, events, and logs.
Also for more information on displaying an entity's audit history, refer to Viewing audit log entries. For more information on auditing, refer to the Help for Content Engine Administration, specifically ../../../com.ibm.p8.ce.admin.doc/audit/al_concepts.htm.
For Auto Destroy, use the standard Content Engine audit mechanism, specifically the delete audit event to keep the destruction history, For more information, refer to the audit logging concept in Content Engine documentation.
Using the auditing features available for IBM Enterprise Records, you can:
The Content Engine includes a number of system events that, if configured for auditing, are automatically recorded to the audit log when the event occurs. Examples of these events include creating an object and filing an object into a folder. IBM Enterprise Records adds to the object store the custom event, RMAudit, which records IBM Enterprise Records events such as relocating or destroying an entity.
Each recorded event is stored in Content Engine as an object, and you can perform operations – such as searching, exporting, and examining properties – on these recorded event objects.
When a IBM Enterprise Records data model is imported into an object store, the RMAudit event is added to the object store. In addition, the event is automatically subscribed to for an FPOS's RecordCategory, RecordFolder, and Volume classes, and you can manually configure this event for the Record class. (Note, however, that auditing is not automatically enabled for the object store.)
The RMAudit event records an audit entry whenever any of the following actions are performed on an entity:
In addition to recording audit events for the above-mentioned IBM Enterprise Records actions, you can configure auditing for the following system events supplied with Content Engine. The following table lists a subset of the available system events; the listed events are those you are probably most interested in auditing for IBM Enterprise Records.
Event | Logged when | Applies to |
---|---|---|
Creation | An instance of a class is created (includes declaring a record--configure the event for the Record class on the FPOS). | You can audit this event for any class, including the RecordCategory, RecordFolder, Volume, and Record classes in the FPOS, and the Document class in the ROS. |
Deletion | An object is deleted from the object store. | You can audit this event for any class. |
File | An object is filed in a folder (includes creating a subfolder and the automatic filing that occurs when declaring a record). | You can audit this event for any Folder class (and subclass), including the RecordCategory, RecordFolder, and Volume classes in the FPOS. |
GetContent | The content of a content-carrying object is retrieved (for example, when a user views the content of a document). | You can audit this event for any Document class (and subclass). To audit when a user displays a document's content, enable this event on the ROS. |
GetObject | An object is retrieved from Content Engine (which includes retrieval attempts by the IBM Enterprise Records application). | You can audit this event for any class. |
Query | A query is performed (which includes queries the IBM Enterprise Records application performs as part of its processing). | You can audit this event for any class (except VersionSeries). |
Unfile | An object is removed (unfiled) from a folder (includes deleting a subfolder). | You can audit this event for any Folder class (and subclass), including the RecordCategory, RecordFolder, and Volume classes in the FPOS. |
Update | An object's properties are changed (which includes marking a container as Vital and activating or inactivating a container). | You can audit this event for any class. |
UpdateSecurity | The security of an object is changed. Note, however, that a failure will not be logged when a user attempts to delete an object from the IBM Enterprise Records application and the attempt is unsuccessful because the deletion is protected by a marking (which is the case with some IBM Enterprise Records objects). | You can audit this event for any class (except ReferentialContainmentRelationship and VersionSeries). |
When you enable and configure audit logging on an object store, the system generates audit log entries. These entries exist as a table in a database in the object store. To perform actions on the log (such as viewing or exporting it), you first run a query for the events you want and then perform the action, if necessary, against the result set of the query. Audit events remain in the audit log even if the audited object is deleted. For detailed information about audit logs, including information on how to delete unneeded log entries and manage the log size, see ../../../com.ibm.p8.ce.admin.doc/audit/al_concepts.htm in the Help for Content Engine Administration.
The audit log stores the following information:
Some audit log entries can contain additional information, depending on the type of audit event that occurred. For example, a successful Query event logs the original query text from which the query was generated as well as the class ID of the object that was the subject of the audit event.
The following lists the symbolic name and a brief description of the properties available for audit events. Properties that are specific to the RMAudit event are AuditActionType, ReasonForAction, Reviewer, and RMEntityDescription.
AuditActionType For an RMAudit event, specifies the type of audit action, such as Delete, Relocate, Destroy, Transfer, Interim Transfer, Export, Review, Undeclare, Hold, or Remove Hold.
AuditLevel For an AuditConfiguration event, specifies the level of auditing (auditing disabled = 0, auditing enabled = 1).
ContainmentName For a File and Unfile event, specifies the name of the object added or removed from the container object.
Creator For all events, specifies the short name of the user who generated the event (the user who created the event object).
DateCreated For all events, contains the date and time the event was generated (the date and time the event object was created). Content Engine stores dates and times using Coordinated Universal Time (UTC).
DateLastModified For all events, contains the date and time the event was last modified (the date and time the event object was last modified).
EventStatus For all events, indicates whether the operation that generated this event was successful (0) or not (an internally-used error code).
LastModifier For all events, contains the short name of the user who last modified the event object.
LifecycleOperation For a ChangeState event, specifies the lifecycle operation performed on the source object.
ModifiedProperties For a ChangeClass, ChangeState, Checkin, Checkout, ClassifyComplete, Custom, DemoteVersion, Freeze, Lock, PromoteVersion, RMAudit, Unlock, Update, and UpdateSecurity event, specifies a list of the symbolic names of the properties modified by the operation being audited.
ObjectType For all events, specifies a number that denotes the base type of an object. For event objects, the value is always 1180.
QueryText For a Query event, specifies the original text from which the query was generated.
ReasonForAction For an RMAudit event, specifies the reason for the action. This field is populated with the value entered by the user in the Review Comments field while completing the workflow.
Reviewer For an RMAudit event, specifies the name of the user who performed the action that generated the event (the user who started the IBM Enterprise Records workflow queue).
RMEntityDescription For an RMAudit event, specifies a description for the audited action where appropriate. For example, a Relocate action might be described as RM entity MyRecordFolder moved from source /Records Management/My File Plan/My Record Category to destination /Records Management/My File Plan/Another Record Category.
SourceClassId For a CancelCheckout, ChangeClass, ChangeState, Checkin, Checkout, ClassifyComplete, Creation, Custom, Deletion, DemoteVersion, File, Freeze, GetContent, GetObject, Lock, PromoteVersion, Query, RMAudit, Unfile, Unlock, Update and UpdateSecurityEvent event, specifies the class ID of the object that is the subject of an audit event.
SourceObject For a CancelCheckout, ChangeClass, ChangeState, Checkin, Checkout, ClassifyComplete, Creation, Custom, Deletion, DemoteVersion, File, Freeze, Lock, PromoteVersion, RMAudit, Unfile, Unlock, Update, and UpdateSecurity event, specifies a snapshot of the object that is the source of an audit event at the time the event occurred. (Note that the object reference contained in this property represents the object in its state when the event occurred, and might be different from the object's current state.)
SourceObjectId For a CancelCheckout, ChangeClass, ChangeState, Checkin, Checkout, ClassifyComplete, Creation, Custom, Deletion, DemoteVersion, File, Freeze, GetContent, GetObject, Lock, PromoteVersion, RMAudit, Unfile, Unlock, Update, and UpdateSecurity event, specifies the ID of the object that is the subject of an audit event.
VersionSeriesId For a CancelCheckout, ChangeClass, ChangeState, Checkin, Checkout, ClassifyComplete, Creation, Custom, Deletion, DemoteVersion, Freeze, Lock, PromoteVersion, RMAudit, Unlock, Update, and UpdateSecurity event, specifies (where relevant) the ID of the version series for the source object.