Audit Trails: Understanding the Audit Trail
Once the logging process has begun, the Log Viewer will display a grid of information regarding the audited actions including a log ID number, time stamp (of when the action took place), user name, full name of user, station, the action taken, etc. Note that column widths in the log grid can be increased and decreased using standard Windows techniques. Additionally, when you double-click a cell, a Zoom window will be opened and the entire cell contents will be displayed, making it easier to review the values entered in the cell.
The Audit Trail in STATISTICA Enterprise is based on the idea that a variety of activities can occur within a STATISTICA Enterprise session. For example, an Analysis Configuration can be run, a Data Configuration can be modified, a Characteristic might be deleted, etc. Each activity described above comprises several related events. For example, the activity of modifying an Analysis Configuration can comprise several events (or actions), including changing the name, changing a query, etc.
Log values reported for each event vary. The log grid can contain up to 17 columns including the Log ID, the time stamp, the user name, the user's full name, the user's station, action, sub action, object type, object val, item type, item value, old value, new value, ID1, ID2, misc, and reason. Note that regardless of the type of the event being audited, the unique Log ID, time stamp, and user name are reported for each entry.
Below is an overview of the fields in the log entry:
- Log ID
- This column gives the unique Log ID for the event.
- Time
- This column displays the time when the particular event occurred.
- User
- This column displays the user name for the user who initiated the event.
- Action
- This column reports the type of action that was made. The following types of actions can be taken: change, create, copy, delete, enable or disable, change acl (change access control level), run, add, attach, detach, log on, and log off.
- Sub Action
- This column reports the type of sub action that was made. A value in the Sub Action column serves to further qualify the type of change that was made; therefore, a Sub Action value is only reported in conjunction with the Change or Change ACL action. For example, for a log entry that documents the adding of a new user, the Action would be change, and the Sub Action would be add user.
The following types of Sub Actions can be reported when the Action is either change or change acl: add group, add perm (add permission), add user, del group (delete group), del perm (delete permission), del user (delete user), user ac (user access control), and group ac (group access control).
- Object Type
- This column reports the type of object that has been affected or accessed. The following object types are available in STATISTICA Enterprise: user, group, char (characteristic), profile (Data Configuration or Data Entry Setup), query, ext column (OLE DB Column), monitor (Analysis Configuration), system, node, extdb (external database), and settings.
- Object Value
- This column reports the value assigned to the object reported in the OBJECT TYPE column. For example, for a log entry that documents the creation of a new node, the OBJECT TYPE would be node and the Object Value would be the nodeID number for the node being created. The actual name of the node would be reported in the Miscellaneous column.

| OBJECT TYPE | OBJECT VALUE |
| --- | --- |
| user | userID |
| group | groupID |
| char (characteristic) | charID or new charID (when ACTN is copy) |
| profile | profileID or new profileID (when ACTN is copy) |
| query | profileID/query name |
| ext column (external column) | profileID/query name/column name |
| monitor | monitorID or new monitorID (when ACTN is copy) |
| system | clsi (characteristic, label, station input) |
| system | auth (authenticated) (when ACTN is log on or log off) |
| system | bad username (when ACTN is log on) |
| system | bad password (when ACTN is log on) |
| system | account lockout (when ACTN is log on) |
| system | account disabled (when ACTN is log on) |
| system | options |
| system | sdms integration |
| node | nodeID |
| extdb | database name |
| settings | log |

- Item Type
- This column reports the type of item. It is only used to clarify the type of item that has been accessed when more than one type is possible. For example, when adding a Data Entry Setup, an event could be recorded for a station, label, or characteristic. Thus, three item types are possible, and the item type would be recorded in this column. When changing a query, there is only one possible item type, so no item type is reported. However, the item value column will report whether the query name or query sql statement was changed. A variety of item types can be reported in conjunction with different actions and objects.
- Item Value
- This column records the value assigned to the item. Note that an item type does not have to be reported in order for an item value to be assigned (see Item Type, above). A variety of item values can be reported in conjunction with different actions and objects.
- Old Value
- This column reports the old value for an item. For example, when a user name is changed (Action: change, OBJTYPE: user, ITEM VALUE: name), this column will record the old user name.
- New Value
- This column reports the new value for an item. For example, when a user name is changed (Action: change, Object Type: user, Item Value: name), this column will record the new user name.
- ID1
- This column reports the system ID (e.g., groupID, permissionID, userID, stationID, labelID, etc.).
- ID2
- This column can report an additional system ID. For example, when a user logs in to STATISTICA Enterprise (s)he is assigned a sessionID (which would be reported in ID1). ID2 would record the number of active users at that time.
- Miscellaneous
- This column records additional information about the event. For example, when a new profile has been created (Action:create, Object Type:profile), this column will display the actual name of the new profile.
- Reason
- This column is present when the "When committing change, prompt for and require a reason" option is selected on the System Options: Versions and Approvals panel. This column will contain a brief (42 character maximum) explanation given by the user when the change was made. Note that one change may have several log events associated with it; thus this reason may be used for a collection of events and not just one change event. This column also displays the comment entered in the Approve Document dialog box, if the "When approving a version, prompt for and require a reason" checkbox on the Versions and Approvals panel is selected.
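
The field values described above are enough to triage the trail for failed logons and access-control changes. The following is an added example, not part of the STATISTICA documentation: it assumes the log grid has been exported to CSV with the column headers shown (the export layout, header names and sample rows are constructed for illustration).

```python
import csv
import io
from collections import Counter

# Values taken from the field descriptions on this page.
FAILED_LOGON_VALUES = {"bad username", "bad password",
                       "account lockout", "account disabled"}
ACCESS_SUB_ACTIONS = {"add group", "add perm", "add user", "del group",
                      "del perm", "del user", "user ac", "group ac"}

# Constructed sample rows; the CSV layout and header names are assumptions.
SAMPLE_EXPORT = """\
Log ID,Time,User,Station,Action,Sub Action,Object Type,Object Value
101,2024-01-05 08:00:01,jdoe,WS01,log on,,system,auth
102,2024-01-05 08:02:10,asmith,WS02,log on,,system,bad password
103,2024-01-05 08:02:15,asmith,WS02,log on,,system,bad password
104,2024-01-05 08:02:21,asmith,WS02,log on,,system,account lockout
105,2024-01-05 08:10:00,jdoe,WS01,change acl,add perm,monitor,17
106,2024-01-05 08:11:30,jdoe,WS01,change,add user,group,4
107,2024-01-05 08:15:00,jdoe,WS01,run,,monitor,17
"""

def norm(value):
    """Lower-case and trim a cell so 'Change ACL' matches 'change acl'."""
    return (value or "").strip().lower()

def classify(row):
    """Return 'failed_logon', 'access_change' or None for one log entry."""
    action, sub = norm(row["Action"]), norm(row["Sub Action"])
    if (action == "log on" and norm(row["Object Type"]) == "system"
            and norm(row["Object Value"]) in FAILED_LOGON_VALUES):
        return "failed_logon"
    if action in {"change", "change acl"} and sub in ACCESS_SUB_ACTIONS:
        return "access_change"
    return None

def review(export_text):
    """Return (flagged entries, failed-logon count per user)."""
    flagged, failures = [], Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        kind = classify(row)
        if kind:
            flagged.append((row["Log ID"], kind))
        if kind == "failed_logon":
            failures[row["User"]] += 1
    return flagged, failures

if __name__ == "__main__":
    for log_id, kind in review(SAMPLE_EXPORT)[0]:
        print(log_id, kind)
```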