You are viewing limited content. For full access, please sign in.

Question

Question

Audit Trail

Audit Trail
Updated September 4, 2015
asked on September 2, 2015

Hi,

We have audit logs at \repository\AUDIT\repository.log. What events are logged in these files? Do they contain changes in Metadata as well?  Also, is there a way to modify which events are being logged?  Auditing Properties does not have this setting. 

Is it safe to delete historical data? We currently have more than a year's log.

 

0 0

Answer

SELECTED ANSWER
replied on September 2, 2015

For Standard and Advanced Audit Trail, there is an "Auditing" tab in the properties for each user, group, windows account, and Everyone. That is where you can configure which events are being audited for which trustee.

Typically, the binary audit logs that the Laserfiche Server writes to should not be deleted. If there are compliance policies that you must adhere to, then that may be a factor. Otherwise, the Audit Trail reporter (which is a separate component) can just be configured to report on the relevant date range.

1 0

Replies

replied on September 3, 2015

We'll update the documentation. By default, a new repository will audit successes in the following event classes for the Everyone group: Account, Annotation, Auditing, Entry, Metadata Definitions, Page, Privileged Operations, Records Management Actions (if applicable), Records Management File Plan (if applicable), Session, and Volume.

When you create new users and groups, they will use the audit settings according to group membership by default, meaning it's going to inherit from the Everyone group. You can choose to have the individual trustee use its own audit settings though.

If you modify the events that are being audited for the Everyone group, that will only affect things moving forward. If you change the Audit file location and rollover directory, the files will be moved automatically.

1 0
replied on September 4, 2015

Thank you for the detailed response. This helps.

0 0
replied on September 2, 2015

In our setting, I see that All Events are logged for "Everyone". I guess this is being inherited by all groups and users that are created.

Documentation claims that no event is logged by default at 

https://www.laserfiche.com/support/webhelp/Laserfiche/9.1/en-US/AdminGuide/LFAdmin.htm#Event_Logging_Setup.htm%3FTocPath%3DLaserfiche%2520Administration%2520Guide%7CLaserfiche%2520Audit%2520Trail%7CHow%2520Does%2520Audit%2520Trail%2520Work%253F%7CEvents%7CEvent%2520Logging%7C_____0

However, on creating a new test repository, I found that most of the events are logged by default. 

 

If I modify the events that are being logged for "Everyone" , Will it alter older files as well or the altereted setting applicable only for future files ? Asking this to ensure that there is no downtime of repository involved while we modify the audit settings. 

If we want to move the log files to a new encrypted disk, can I simply change the audit log path setting at Auditing-->Settings

Should we manually move older files or will the tool automatically move older logs as well to the new location.

Best Regards,

Srikanth

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...