SafeZone System Administrators have the ability to view logs on most system interactions through SafeZone Command.
These include:
- SafeZone/OmniGuard/Command logins;
- Check-in, Alert, Tip and Notification Data;
- User Changes (Creation, Permissions Updates and Deletion);
- Region Changes (Creation, Updates and Deletion);
- User Group Changes (Creation, Updates and Deletion);
- Feature Updates;
- System purge and deletion activities.
This feature is a tool for investigations, not reporting; reporting should be carried out through the History menu in Command.
Pre-requisite: In order to view the Asset Heatmap you will need to have SafeZone Administrator enabled in your user permissions. Please refer to the Editing user permissions user guide or speak to your SafeZone Command administrator to give you access.
To view the Audit Logs:
- Click on Admin -> Audit -> Logs
- At the bottom of the screen, the most recent audit logs will be displayed to you (the screenshot below is for demonstration purposes only);
- You can specify the time period you wish to report on by setting the time and date in Start and End.
- Under Filter you can add filter tags (more on this below);
- Click on Refresh to generate the Audit Logs
- By default, the page lists 10 rows of results; however, you can change this by clicking on the drop-down menu and selecting 25, 50 or 100 rows.
- Clicking on Previous and Next will display the previous/next page of results.
- Clicking on Export will export the logs to Excel.
Filter
The Filter field allows you to narrow the audit logs down to the information you need. There are two ways to use Filter Tags: using the icons in the description box, or typing directly into the Filter field:
Using the icons in the description box:
- Click on + next to a tag to search for just this type of item
- Click on – next to a tag to hide this type of item
- Click Refresh to show the results
Typing directly into the Filter field:
- You can search for a particular filter by typing an asterisk * followed by the appropriate filter text from the table below.
- You can hide results from a particular filter by typing an exclamation mark ! followed by the appropriate filter text from the table below.
- Press the tab key on your keyboard to show the results and / or add additional filters
You can remove a filter from the field by clicking on the x and then Refresh.
The table below lists the different filters you can use to filter the audit log results (NB: the list is not exhaustive).
Tip: You can copy and paste from the table below
| Filter Type | Description | Filter |
|---|---|---|
| Alerts | Acknowledged | audit:type=safezone-alert-acknowledged |
| | Cancelled by User | audit:type=safezone-alert-canceled |
| | Escalated | audit:type=safezone-alert-escalated |
| | Raised by User | audit:type=safezone-alert-raised |
| | Resolved | audit:type=safezone-alert-resolved |
| Assets | Asset Status | audit:type=safezone-asset-status |
| Check-in | Check-In Timer Cancelled | audit:type=safezone-checkin-deescalated |
| | Check-In Timer Escalated | audit:type=safezone-checkin-escalated |
| | User Checked In | audit:type=safezone-checkin-in |
| | User Checked Out | audit:type=safezone-checkin-out |
| Data Purging | History | audit:type=safezone-alert-retention-purged |
| | Asset History | audit:type=safezone-asset-retention-purged |
| | Deleted User | audit:type=safezone-user-retention-purged |
| | Message History | audit:type=safezone-message-retention-purged |
| | Tip History | audit:type=safezone-tip-retention-purged |
| Notifications | Notification Sent | audit:type=safezone-notify-sent |
| System | Feature Updated | audit:type=safezone-feature-updated |
| | Region Created | audit:type=safezone-region-created |
| | Region Deleted | audit:type=safezone-region-deleted |
| | Region Updated | audit:type=safezone-region-updated |
| | Region Group Created | audit:type=safezone-region-group-created |
| | Region Group Deleted | audit:type=safezone-region-group-deleted |
| | Region Group Updated | audit:type=safezone-region-group-updated |
| | Region Group User Unsubscribed | audit:type=safezone-region-group-unsubscribed |
| Tip Reporting | Tip Raised | audit:type=safezone-tip-raised |
| | Tip Resolved | audit:type=safezone-tip-resolution-updated |
| User Groups | Group Created | audit:type=safezone-user-group-created |
| | Group Deleted | audit:type=safezone-user-group-deleted |
| | Group Updated | audit:type=safezone-user-group-updated |
| | User Updated | audit:type=safezone-user-group-user-added |
| Users | User Logged In | audit:type=stream-added |
| | User Logged Out | audit:type=stream-removed |
| | Profile Role added | audit:type=safezone-user-role-granted |
| | Profile Role removed | audit:type=safezone-user-role-revoked |
| | User Deleted | audit:type=safezone-user-deleted |
| | User Purged | audit:type=safezone-user-purged |
| | User ID Filter | audit:account={userID}@criticalarc.net |
| | IP Address Filter | stream:ip={IP Address} |
| | SafeZone Application | sasl:application=com.criticalarc.safezoneapp |
| | Command / OmniGuard Application | sasl:application=com.criticalarc.command |
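An added example (not part of the SafeZone documentation or product): once the logs have been exported, a short script can pull out the role, deletion, feature and purge events from the table above, group them by account, and list accounts whose logins came from more than one IP address. It assumes the Excel export was saved as CSV with columns named time, type, account and ip; those column names and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Audit types taken from the filter table above (the part after "audit:type=").
SENSITIVE_TYPES = {
    "safezone-user-role-granted",
    "safezone-user-role-revoked",
    "safezone-user-deleted",
    "safezone-user-purged",
    "safezone-feature-updated",
}
LOGIN_TYPE = "stream-added"  # "User Logged In" in the table

# Constructed sample export. The column names (time, type, account, ip) are
# assumptions for this example, not the documented layout of the Excel export.
SAMPLE_CSV = """time,type,account,ip
2024-05-01T09:00:00Z,stream-added,alice@criticalarc.net,192.0.2.10
2024-05-01T09:05:00Z,safezone-user-role-granted,alice@criticalarc.net,192.0.2.10
2024-05-01T09:20:00Z,safezone-checkin-in,bob@criticalarc.net,198.51.100.7
2024-05-01T11:30:00Z,stream-added,alice@criticalarc.net,203.0.113.44
2024-05-01T11:32:00Z,safezone-user-deleted,alice@criticalarc.net,203.0.113.44
2024-05-01T12:00:00Z,safezone-alert-retention-purged,carol@criticalarc.net,192.0.2.30
"""

def triage(csv_text):
    """Return (sensitive rows per account, accounts that logged in from >1 IP)."""
    sensitive = defaultdict(list)
    login_ips = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        event = row["type"].strip()
        account = row["account"].strip().lower()
        # All "Data Purging" types in the table end in "-retention-purged".
        if event in SENSITIVE_TYPES or event.endswith("-retention-purged"):
            sensitive[account].append((row["time"], event, row["ip"]))
        elif event == LOGIN_TYPE:
            login_ips[account].add(row["ip"])
    multi_ip = {a: sorted(ips) for a, ips in login_ips.items() if len(ips) > 1}
    return dict(sensitive), multi_ip

if __name__ == "__main__":
    changes, multi_ip = triage(SAMPLE_CSV)
    for account, events in sorted(changes.items()):
        print(account, "(logins from several IPs)" if account in multi_ip else "")
        for when, event, ip in events:
            print("   ", when, event, ip)
```
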