You can view entries in the audit log using Enterprise Manager. You can also view audit
entries for an entity using the IBM® Enterprise
Records application's
History view.
Using Enterprise Manager
In
addition to performing the procedure below, you can retrieve, view,
and operate on audit log entries using the auditing-related Saved
Searches included in Enterprise Manager.
To view the audit log entries:
- Log in to Enterprise Manager as
System Administrator.
- Expand the node for the object store that contains the
audit log you want to view.
- Right-click the Search Results node
and select New Search from the context menu
to open the Query Builder.
- Select either the RMAudit object,
the Event object, or a specific event type
object (such as FileEvent ) from the Select
from Table drop-down list box. The query builder displays
all columns defined in the selected table in the Select
Columns window.
- By default, all the properties listed in the Select Columns
menu display in the search results. You can optionally select only
those properties you want to include in the search results.
- Click OK to start the search for
audit log entries.
After the Query Builder executes the search query, the
details pane displays the objects that match the criteria you specified.
The details pane displays the columns of properties from the selected
object table. You can double-click the displayed results to view the
audit log.
To view entries for a specific entity type (such
as a Record Category), open the Properties page for the entity's class,
click on the Properties tab, select the property
value (the GUID) for the Primary ID property, then right-click and
Copy the value. In Step 5 above, specify the search criteria as follows:
SourceClassId as the Column, Equal To as the Condition, and the GUID
you copied as the Value. In a similar fashion, you can view entries
for a specific entity by browsing to that entity in EM, then copying
its ID property. Alternatively, you can open the entity's Properties
page, then click on the Audit History tab.
Using
the IBM Enterprise
Records History View
Only a Records Administrator can view audit log entries
using the History view.
- From the IBM Enterprise
Records application,
browse the file plan to access the entity whose audit history you
want to display.
- To display the entity's Information page, click the Get Info icon.
- Click the History link displayed in the
left panel of the page.
- Select the check boxes for the types of events you want to display
for the selected entity.
- Specify the criteria:
- Click the calendar icons to enter the period for which you want
to display events.
- Select either AND or OR as
the conditional operator. If you select AND, then only those events
that match the criteria specified in both the Event Date and Initiated
By fields will display. If you select OR, then the events
that match the criteria specified in either the Event Date or Initiated
By fields will display.
- Click Select User to specify the user who
initiated the events.
- Select either AND or OR for
the results of the previous two conditions and Event Status.
- Select either Success or Failure from
the Event Status list box to display either
successful or failed events.
- Specify a number in the Max Results text box. This is the maximum
number of events that you want to display in a page.
Attention: If you specify zero (0) as the maximum results value,
then all the events available in the audit history for the entity
are displayed.
- Click Search to search and display events
based on the specified criteria, or click Clear to
clear the search criteria that you specified on this page.
- Click Exit to close the page.