Messages List

View the Console audit log messages. By default, Audit Logging is disabled and must be enabled by a Console administrator within the Enable Audit Logging section of the Application Settings.

Audit logging, when enabled, logs specific server messages relating to certain user actions and events which display on the Messages page.

The Messages page displays the following columns:

Field Description
Date/Time The timestamp of when the action occurred.
Type

The action that was logged:

  • Admin Password Change: Written when the admin changes their password from within the Console Administrator Tool (CAT).
  • Admin User Change: Written when the admin user name is changed from within the Console Administrator Tool (CAT).
  • Admin User Unlock: Written when a user in the Administrator role is unlocked while logged in from localhost.
  • Classification Auto Change: Written when a location has been assigned a classification as a result of the execution of the workflow rules service job.
  • Classification Manual Change: Written when a location has been manually assigned a classification.
  • Endpoint Item Removed: Written when an endpoint installation package, AnyFind definitions update, or license file is removed from the relevant section of the Endpoint Updates page on the Admin tab.
  • Endpoint Item Uploaded: Written when an endpoint installation package, AnyFind definitions update, or license file is uploaded to the relevant section of the Endpoint Updates page on the Admin tab.
  • Endpoint Pruned: Written when an endpoint has been removed from the Console via the Prune Endpoints service job.
  • Endpoints Merge: Written when endpoints are merged.
  • Policy Change: Written when a policy is changed and saved using edit mode.
  • Policy Create: Written when a policy is created.
  • Policy Delete: Written when a policy is deleted.
  • Remote Result Action Cleared: Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab has been processed by an endpoint.
  • Remote Result Action Scheduled: Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab is scheduled for processing by an endpoint..
  • Schedule Change: Written when a service job schedule has been changed.
  • Schedule Create: Written when a service job has been created.
  • Schedule Delete: Written when service job has been deleted.
  • Tag Change: Written when a tag is changed.
  • Tag Create: Written when a tag is created.
  • Tag Delete: Written when a tag is deleted.
  • User Create: Written when a new user account is created on the Console.
  • User Delete: Written when a user account is deleted from the Console.
  • User Lock: Written when a user account is locked or unlocked from the Users page of the Admin tab. The Information column on the Messages page specifies whether the user was locked or unlocked. This message is not written when the user is locked out from too many invalid login attempts.
  • User Login: Written each time a user logs in to the Console.
  • User Login Failed: Written each time there is a failed attempt to login to the Console.
  • User Password Change: Written when a user account has had their password changed using the Users page of the Admin tab. This message is not written when the password is changed using the Personal Settings page.
User The name of the user who initiated the action. e.g. The user who logged in or created a tag.
Information The data in this column varies depending upon the action type. e.g., for an action on a policy it includes the policy name. For some actions this column is blank.
Host The name of the user who initiated the action. e.g. The user who logged in or created a tag.
IP Address The IP address of the machine on which the action was initiated.

Filtering by column provides the ability to restrict the Messages View to only display information that matches the specified, custom criteria. Multiple filters can be applied at once. To open the filter for any column, click on the filter icon on the column header. When a column is being filtered, the filter icon appears filled. The available filters are noted below:

Field Description
Date/Time A filter which restricts based on selected date/time criteria.
Type A filter which restricts based on the type of action.
User A filter which restricts based on the name of the user who initiated the action.
Information A filter which restricts based on the data in the information column.
Host A filter which restricts based on the name of the machine on which the action was initiated.
IP Address A filter which restricts based on the IP address of the machine on which the action was initiated.

You may sort the messages by clicking on specific column headers to toggle between ascending, descending and no sort. Any column which has sorting on it displays an up arrow or a down arrow in the center of the column header indicating ascending or descending, respectively. No arrow indicates that column is not sorted. When you click on a column header to set a sort it removes any previous sorting from all other columns. You can sort multiple columns at the same time by holding down the shift key while selecting a sort. You can reorder the columns by clicking on the column header and dragging and dropping them to the left or right.