Audit Log

Top  Previous  Next

Audit log allows to view the list of events and changes carried via the control subsystems of Dr.Web Enterprise Security Suite.

To view the audit log

1.Select the Administrating item in the main menu of the Control Center.

2.In the opened window, select the Audit log item of the control menu.

3.Window with the registered actions table opens. To configure viewing the log, specify on the toolbar the time period during which the actions have been performed. For this, you can select one of the proposed periods or specify arbitrary dates in the calendars which are opened on clicking the dates fields. Click Refresh to display the log for the selected dates.

4.The log table contains the following data:

Date—date and time when the action has been performed.

Login—login of the Server administrator. It is specified if the action was initiated directly by administrator or during connection to the Server according to the administrator credentials.

Address—IP address from which the action execution has been initiated. It is specified only in case of an external connection to the Server, particularly via the Control Center or via the Web API.

Subsystem—the name of the subsystem by which or via which the action has been initiated. The audit is logged for the following subsystems:

Control Center—the action was performed via Dr.Web Security Control Center, particularly by administrator.

Web API—the action was performed via the Web API, e.g., from an external software connected according to the administrator credentials (see also the Appendices document, p. Appendix L. Integration of Web API and Dr.Web Enterprise Security Suite).

Server—the action was performed by Dr.Web Server, e.g., according to its schedule.

Utilities—the action is initiated via the external utilities, particularly via Dr.Web Server remote diagnostics utility.

Result—the brief result of the action performing:

OK—operation successfully executed.

failed—an error occurred during the operation execution. Operation is not executed.

initiated—operation execution is initiated. The result of operation execution will be known just after its completion.

no rights—administrator that launched the operation execution has no permissions to execute this operation.

delayed—action execution is postponed until a certain period or performing of a certain event.

not allowed—execution of the requested action is prohibited. For example, deleting of system groups.

Lines that correspond to actions executed with an error (the failed value in the Result column), are marked with red.

Operation—the action description.

5.If necessary, you can export data for the specified period into a file. To do this, click on the the following buttons on the toolbar:

Save data in CSV file,

Save data in HTML file,

Save data in XML file,

Save data in PDF file.