Knowledgebase: WebRoot
Monitoring Administrator Activities
Posted by Carlos R on 20 October 2016 08:23 PM

 

The Audit Logs display all administrator activities within the selected timeframe.

Note: To view logs, you must have Audit Log permission for Manage Audit Logs.


Specifying criteria

You enter criteria to create a specific view of the audit log. The Audit Logs page includes a Search panel for this purpose.

To specify new criteria for the search and refresh the log:

  1. From the Home tab, select the Statistics tab, then select Activity Monitors.
    The Activity Monitor pane displays.
  2. Select one or more dates from the last 90-day period; the current date is always the default:
    • Click to select a single date.
    • Shift-click or click and drag to select contiguous dates.
    • Ctrl-click to select non-contiguous dates.
  3. Select the checkbox for the data point for which to define criteria.
  4. Enter criteria for each selected column based on the following table.
    Data Points and Criteria | Description
    Admin | Filters data based on the administrator.
      1. Select the checkbox to select this data point.
      2. Select a criterion from the drop-down list. The criteria apply to alphanumeric searches.
        • Contains returns administrator email addresses containing the alphanumeric string in the text box. The string can be in the beginning, middle, or end of the entire value.
        • Does not contain returns administrator email addresses whose values do not contain the alphanumeric string in the text box. The string can be in the beginning, middle, or end of the entire value.
        • Equals returns records whose values exactly match the alphanumeric string in the text box.
        • Does not equal returns records whose values are not exactly the alphanumeric string in the text box.
      3. In the text box, type the text string for the match criteria to use as a comparison. Type at least one character.
    Time | Filters data based on the specified time.
    Category | Category is the general area in which specific actions took place.
      1. Select the checkbox to select this data point.
      2. Select a category from the drop-down list.
        • Account refers to actions done in the Accounts tab.
        • Admin refers to actions done in the Admins tab.
        • Group refers to actions done in the Groups tab.
        • Policy refers to actions done in the Policies tab.
        • Security refers to actions concerning logins and logouts.
        • User refers to actions done in the Users tab.
        • Saved Chart refers to actions in the Saved Charts page.
        • Scheduled Report refers to actions in the Reports tab’s Scheduled Reports page.
    Action | Select an action type from the drop-down list.
        • All refers to all actions on the list.
        • Add refers to the creation of new items, such as adding users, groups, policies, and so on. The Details column displays some settings such as the proxy login, the user name, and status.
        • Modify refers to changes made to existing items.
        • Login refers to the logins performed by the administrator. The Details column displays the IP address.
        • Logoff refers to the logouts performed by the administrator. The Details column displays the IP address.
        • Switch back refers to the action performed by the service provider who has terminated access to the account.
        • Switch to refers to the action performed by the service provider.
        • Generate Report refers to the reports that are processed and sent to recipients on a regular schedule.
        • Import refers to the creation of users through LDAP or CSV imports.
        • Delete stale user refers to a user deletion from the service after a period of time (stale days) if the user has been deleted from LDAP or CSV.
        • Reset quota refers to administrators who reset users’ quotas.
  5. Click Search.
    The log is refreshed with data based on your criteria. The log displays 10 records per page. To display the next set of records, click More.

Changing the number of returned records

The log displays 20 records at a time by default. You can change this number in the current view. The default number of records is restored after the user logs off and logs back in again.


To change the number of records per page:

    1. In Max Results, select the number of records to be displayed for the search.
    2. Click Search.
      The log is displayed in tabular format (columns and rows) if matching records are found.
    3. Use the More or Prev buttons to search the next or previous set of records based on the number in Max Results.

Interpreting Audit Log data

Log data appears in tabular format. The Filter box on the top right of the results panel is always active if records are displayed. The Filter box becomes inactive if no records are displayed, or if you change Max Results to 200 and click Search.


The following table describes the data in the Audit Log.

Columns | Description
Date | The date you selected for the log. If you selected multiple dates, the log allocates one row per date.
Time | The time the administrator requested log data. Timestamp is based on the administrator’s time zone.
Admin | The administrator who performed the recorded action.
Category | The service component that was used; for example, any of the tabs on the Management Portal such as Accounts, Groups, and so on. Logins, logoffs, Switch tos, and Switch backs are categorized as Security.
Action | Shows the administrator action: Login, Logoff, Add, Modify, Delete, etc.
Affected | The name of the entity that was acted upon. For example, if Category is Group and the action is Modify, this column displays the name of the group that was modified. For Generated Reports, this column displays the report description.
Details | Details of the particular action. Some examples of actions and related details:
  • Added group: Details display the group attributes and their values.
  • Deleted users: Details display the total number of deleted users.
  • Users successfully imported via CSV or LDAP: Details show the number of users added, the group, and source.
  • Manually added user: Details show login name, email address, group, source, and status.
  • A partially successful import: Details indicate only the total number of users processed by the Import.
  • Added or modified policy: Details show policy settings such as timeout, subscription options, quotas, and so on.
  • Reset quota: There is one record per administrator. Details show the total number of users whose quota was reset.
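
Added example (not part of the original article or the product): one way to review Audit Log rows for administrator logins from an IP address not seen before, and for Admin or Policy changes made during such a session. It assumes the rows have been transcribed to CSV using the column names above, with ISO dates, 24-hour times and the IP address appearing in Details for Login rows; the article does not describe an export feature, the function name review_audit_log is hypothetical, and the sample rows are constructed.

```python
import csv, io, re
from collections import defaultdict

# Constructed sample rows (not real data). Column names follow the Audit Log
# table above; the CSV layout, date/time format and Details text are assumptions.
SAMPLE = """Date,Time,Admin,Category,Action,Affected,Details
2016-10-18,09:02,alice@example.com,Security,Login,,IP 198.51.100.10
2016-10-18,09:40,alice@example.com,Security,Logoff,,IP 198.51.100.10
2016-10-19,08:55,alice@example.com,Security,Login,,IP 198.51.100.10
2016-10-19,23:14,alice@example.com,Security,Login,,IP 203.0.113.77
2016-10-19,23:16,alice@example.com,Admin,Add,dave@example.com,status active
2016-10-19,23:20,alice@example.com,Policy,Modify,Default Policy,timeout 480
2016-10-20,10:01,bob@example.com,Security,Login,,IP 192.0.2.5
2016-10-20,10:05,bob@example.com,User,Modify,carol,quota 500
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SENSITIVE_CATEGORIES = {"Admin", "Policy"}
CHANGE_ACTIONS = {"Add", "Modify", "Delete"}

def review_audit_log(csv_text):
    """Return (timestamp, admin, finding, subject) tuples worth a manual look."""
    known_ips = defaultdict(set)  # admin -> IPs seen at earlier logins
    unfamiliar = set()            # admins whose current session began from a new IP
    findings = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: (r["Date"], r["Time"]))
    for r in rows:
        admin, action = r["Admin"], r["Action"]
        stamp = f'{r["Date"]} {r["Time"]}'
        if action == "Login":
            match = IP_RE.search(r["Details"])
            ip = match.group(0) if match else None
            unfamiliar.discard(admin)
            # The first login seen for an admin only establishes the baseline.
            if ip and known_ips[admin] and ip not in known_ips[admin]:
                unfamiliar.add(admin)
                findings.append((stamp, admin, "login from new IP", ip))
            if ip:
                known_ips[admin].add(ip)
        elif action == "Logoff":
            unfamiliar.discard(admin)
        elif (admin in unfamiliar and action in CHANGE_ACTIONS
              and r["Category"] in SENSITIVE_CATEGORIES):
            finding = f'{r["Category"]} {action} after new-IP login'
            findings.append((stamp, admin, finding, r["Affected"]))
    return findings

if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE):
        print(*finding, sep=" | ")
```

Because the Time column follows the administrator's time zone, normalize timestamps before comparing rows from administrators in different zones.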
