Configuration
The Configuration tab allows you to enable or disable specific Console audit log messages. By default, Audit Logging is disabled and must be enabled by a Console administrator. Audit logging, when enabled, logs specific server messages relating to certain user actions and events which display on the Messages tab.
To enable a message to be logged for a specific event place a check mark next to it with a single left click of the mouse. Remove the check mark to disable that message. When enabled the following information can be audited:
Event |
Enables or disables all audit logging messages. If a filter is applied, this enables or disables all filtered (visible) events. |
Users |
- Admin Password Change: Written when the admin changes their password from within the Console Administrator Tool (CAT).
- Admin User Change: Written when the admin user name is changed from within the Console Administrator Tool (CAT).
- Admin User Unlock: Written when a user in the Administrator role is unlocked while logged in from localhost.
- User Create: Written when a new user account is created on the Console.
- User Lock: Written when a user account is locked or unlocked from the Users page of the Admin tab. The Information column on the Messages page specifies whether the user was locked or unlocked. This message is not written when the user is locked out from too many invalid login attempts.
- User Login: Written each time a user logs in to the Console.
- User Login Failed: Written each time there is a failed attempt to login to the Console.
- User Password Change: Written when a user account has had their password changed using the Users page of the Admin tab. This message is not written when the password is changed using the Personal Settings page.
- User Remove: Written when a user account is deleted from the Console.
|
Classifications |
- Classification Auto Change: Written when a location has been assigned a classification as a result of the execution of the workflow rules service job.
- Classification Manual Change: Written when a location has been manually assigned a classification.
|
Endpoints |
- Written when an endpoint installation package, AnyFind definitions update, or license file is removed from the relevant section of the Endpoint Updates page on the Admin tab.
- Endpoint Item Uploaded: Written when an endpoint installation package, AnyFind definitions update, or license file is uploaded to the relevant section of the Endpoint Updates page on the Admin tab.
- Endpoint Pruned: Written when an endpoint has been removed from the Console via the Prune Endpoints service job.
- Endpoints Merge: Written when endpoints are merged.
|
Policies |
- Policy Change: Written when a policy is changed and saved using edit mode.
- Policy Create: Written when a policy is created.
- Policy Delete: Written when a policy is deleted.
|
Results |
- Remote Result Action Cleared: Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab has been processed by an endpoint.
- Remote Result Action Scheduled: Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab is scheduled for processing by an endpoint.
|
Schedules |
- Schedule Change: Written when a service job schedule has been changed.
- Schedule Create: Written when a service job has been created.
- Schedule Delete: Written when service job has been deleted.
|
Tags |
- Tag Change: Written when a tag is changed.
- Tag Create: Written when a tag is created.
- Tag Remove: Written when a tag is deleted.
|
Roles |
- Role Clone: Written when a role is cloned.
- Role Create: Written when a role is created.
- Role Edit: Written when a role has been edited.
- Role Permissions Change: Written when the permissions of a role has been changed
- Role Remove: Written when a role has been deleted.
|
Note: Clicking the check box next to a specific group header selects or clears all audit logging messages within that group. If a filter is applied, this selects or clears all filtered (visible) events with that group.
Clicking on the Filter icon provides the ability to restrict the Configuration tab to only display the events that match the specified, custom criteria. When filtering is applied, the filter icon appears with a blue background.