Audit Log

The audit log lets you view the list of events and changes made via the control subsystems of Dr.Web Enterprise Security Suite.

To view the audit log

1. Select the Administrating item in the main menu of the Control Center.

2. In the window that opens, select the Audit log item in the control menu.

3. A window with the table of registered actions opens. To configure the log view, specify on the toolbar the time period during which the actions were performed. You can select one of the proposed periods or specify arbitrary dates in the calendars that open when you click the date fields. Click Refresh to display the log for the selected dates.

4. To configure the table view, click the settings icon in the right corner of the table header. In the drop-down list, you can configure the following options:

Enable or disable line wrapping for long messages.

Select the columns to display in the table (a displayed column is marked by the flag next to its name). To show or hide a column, click the line with its name.

Select the order of the columns in the table. To change the order, drag and drop a column in the list to the intended position.

5. The log table contains the following data:

Time—date and time when the action was performed.

State—brief result of the action:

OK—operation successfully executed.

failed—an error occurred during operation execution. The operation was not executed.

initiated—operation execution is initiated. The result will be known only after the operation completes.

no rights—the administrator who launched the operation has no permissions to execute it.

delayed—action execution is postponed until a certain time period or until a certain event occurs.

not allowed—execution of the requested action is prohibited. For example, deleting system groups.

Lines that correspond to actions executed with an error (the failed value in the Result column) are marked in red.

Message / Error—detailed description of the action or of the error that occurred.

Login—login of the Server administrator. It is specified if the action was initiated directly by the administrator or during a connection to the Server with the administrator credentials.

Address—IP address from which the action was initiated. It is specified only for an external connection to the Server, in particular via the Control Center or via the Web API.

Subsystem—name of the subsystem by which or via which the action was initiated. The audit is logged for the following subsystems:

Control Center—the action was performed via Dr.Web Security Control Center, in particular by an administrator.

Web API—the action was performed via the Web API, e.g., from external software connected with the administrator credentials (see also the Appendices document, Appendix L. Integration of Web API and Dr.Web Enterprise Security Suite).

Server—the action was performed by Dr.Web Server, e.g., according to its schedule.

Utilities—the action was initiated via external utilities, in particular via the Dr.Web Server remote diagnostics utility.

6. To display only specific data, click the filter icon in the table header. In the drop-down list, set the flags for the data you want to display in the table.

The filter options are not constant. The data received for the specified period determines whether an option is present. An option disappears from the filter if no corresponding data was received for the specified period.

7. If necessary, you can export data for the specified period to a file. To do this, click one of the following buttons on the toolbar:

Save data in CSV file,

Save data in HTML file,

Save data in XML file,

Save data in PDF file.
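
The State, Login, Address and Subsystem columns described above are the fields to pivot on when reviewing an exported file. The following Python script is an added example, not part of the Dr.Web documentation: it counts denied actions (no rights, not allowed) per source and lists failed operations. The CSV header names, the comma delimiter, the date format and the sample rows are assumptions constructed for illustration; check them against a real export.

```python
import csv
import io
from collections import Counter

# Constructed sample. Header names, delimiter and date format are assumptions,
# not the documented export layout; adjust them to match a real exported file.
SAMPLE_CSV = """Time,State,Message,Login,Address,Subsystem
2024-05-01 09:00:01,OK,Administrator logged in,admin,192.0.2.10,Control Center
2024-05-01 09:02:13,no rights,Edit station configuration,helpdesk,192.0.2.44,Web API
2024-05-01 09:02:15,no rights,Delete administrator account,helpdesk,192.0.2.44,Web API
2024-05-01 09:02:19,not allowed,Delete system group,helpdesk,192.0.2.44,Web API
2024-05-01 09:05:00,failed,Repository update,,,Server
2024-05-01 09:06:40,no rights,Edit group policy,helpdesk,192.0.2.44,Web API
2024-05-01 09:07:02,initiated,Station scan,admin,192.0.2.10,Control Center
"""

# State values from the table description that mean the request was refused.
DENIED = {"no rights", "not allowed"}


def triage(csv_text, threshold=3):
    """Return (noisy_sources, failed_rows).

    noisy_sources maps (Login, Address, Subsystem) to the number of denied
    actions, keeping only sources with at least `threshold` denials.
    failed_rows holds every row whose State is 'failed'.
    """
    denied = Counter()
    failed = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = row["State"].strip().lower()
        if state in DENIED:
            # Login and Address are empty for actions started by the Server itself.
            key = (row["Login"] or "-", row["Address"] or "-", row["Subsystem"])
            denied[key] += 1
        elif state == "failed":
            failed.append(row)
    noisy = {src: n for src, n in denied.items() if n >= threshold}
    return noisy, failed


if __name__ == "__main__":
    noisy, failed = triage(SAMPLE_CSV)
    for (login, addr, subsystem), n in noisy.items():
        print(f"{n} denied actions: login={login} address={addr} via {subsystem}")
    for row in failed:
        print(f"failed: {row['Time']} {row['Message']} ({row['Subsystem']})")
```

A run of denied actions from one login and address, especially via the Web API, is worth comparing against the permissions that administrator account is supposed to hold.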