View audit log entries
You can view entries in the audit log using Enterprise Manager. You can also view audit entries for an entity using the IBM InfoSphere Enterprise Records application's History view.
Using Enterprise Manager
Note that, in addition to performing the procedure below, you can retrieve, view, and operate on audit log entries using the auditing-related Saved Searches included in Enterprise Manager.
- Log in to Enterprise Manager as System Administrator.
- Expand the node for the object store that contains the audit log you want to view.
- Right-click the Search Results node and select New Search from the context menu to open the Query Builder.
- Select either the RMAudit object, the Event object, or a specific event type object (such as FileEvent ) from the Select from Table drop-down list box. The query builder displays all columns defined in the selected table in the Select Columns window.
- By default, all the properties listed in the Select Columns drop-down list box display in the search results. You can optionally select only those properties you want to include in the search results.
- Click OK to start the search for audit log entries.
After the Query Builder executes the search query, the details pane displays the objects that match the criteria you specified. The details pane displays the columns of properties from the selected object table. You can double-click the displayed results to view the audit log.
TIP To view entries for a specific entity type (such as a Record Category), open the Properties page for the
entity's class, click on the Properties tab, select the property value (the GUID) for the Primary ID
property, then right-click and Copy the value. In Step 5 above, specify the search criteria as follows:
SourceClassId as the Column, Equal To as the Condition, and the GUID you copied as the Value.
In a similar fashion, you can view entries for a specific entity by browsing to that entity in EM, then copying its ID property. Alternatively, you can open the entity's Properties page, then click on the Audit History tab.
Using the IBM InfoSphere Enterprise Records History View
Only a Records Administrator can view audit log entries using the History view.
- From the IBM InfoSphere Enterprise Records application, browse the file plan to access the entity whose audit history you want to display.
- To display the entity's Information page, click the Get Info icon.
- Click the History link displayed in the left
panel of the page.
- Select the checkboxes for the types of events you want to display for the selected entity.
- Specify the criteria:
- Click the calendar icons to enter the period for which you want to display events.
- Select either AND or OR as the conditional operator. If you select AND, then only those events that match the criteria specified in both the Event Date and Initiated By fields will display. If you select OR, then the events that match the criteria specified in either the Event Date or Initiated By fields will display.
- Click Select User to
specify the user who initiated the events.
- Select either AND or OR for the results of the previous two conditions and Event Status.
- Select either Success or Failure from the Event Status list box
to display either successful or failed events.
- Specify a number in the Max Results text box.
This is the maximum number of events that you want to display in a page.
NOTE If you specify zero (0) as the maximum results value, then all the events available in the audit history for the entity are displayed.
- Click Search to
search and display events based on the specified criteria, or click Clear
to clear the search criteria that you specified on this page.
- Click Exit to close the page.