1. Administering Narrative Reporting
  2. Performing an Audit
  3. Creating a System Audit

Creating a System Audit

The system audit file includes all records in the audit log between the timestamps defined by the Service Administrator. By default, From displays the earliest timestamp in the audit log and cannot be changed. The Service Administrator can select the To timestamp to control the range for the system audit.

Caution:

When creating the system audit file, you can choose an option to remove all entries for the selected system audit file from the audit logs after they have been extracted. Because the entries have been removed, the new From timestamp for all entries changes to the first timestamp after the removed entries. For example, if you remove all entries up to Mar 16th, the new From timestamp becomes March 17.

To create a System Audit log:

  1. On the Home Page, use one of these options:

    • On the Welcome Panel, select Create Create icon, and then select System Audit File. Welcome Panel

    • From the Library, select Audit Logs in the left pane, and click Create Create icon in the right pane, and then select System Audit.


    Select System Audit from Audit Logs folder in the library.
  2. From the Create System Audit File dialog box, use the calendar icon Calendar iconto select the To timestamp for the end of the range for the audit file.

    Note:

    By default, From displays the earliest timestamp in the audit log and cannot be changed.


    Select the end timestamp for the system audit.
  3. Enter the name for the audit file that will be automatically stored in the Audit Logs folder in the Library.
  4. Optional: Select Remove extracted entries from the active system audit log to clear the entries in the audit log after the audit file has been created.

    Caution:

    If you remove extracted entries, the From entry in the System Audit file changes to reflect the next timestamp. For example, if the range for the audit extract that was removed covered the period from March 15th to March 31st, then the new From timestamp will be April 1st.

  5. Click OK to create the audit file.
  6. Click OK to dismiss the confirmation message. The audit file is created in the background, and a notification is sent when the audit log is complete.
  7. Optional: On the Home page, select Messages to verify that the audit is complete.

    On Messages, confirm that the audit is complete.
  8. From the Library, select Audit Logs.
  9. Select the audit log that you want to view, then click Actions, and then Download to save the audit file to your local File System.

    You may need to scroll over to the far right on the screen to see the Actions menu. Make a note of the location to which you are saving the audit file.

  10. Navigate to the audit file on your local File System to review the results.

    The System Audit Log contains details for each transaction, including the following:

    • Timestamp

    • User and IP Address

      Note:

      In most instances, the IP address displayed may not be the user’s actual IP address.

    • Event Category, Type, and Status

    • Artifact ID, Name, and Location

    • Actions and Changed Values


    Review the system audit results.
  11. Optional: Click Actions to perform these additional tasks:

    • Select Inspect to review the audit log Properties and the History for the file.

    • Select Delete to remove the system audit file. A confirmation dialog box confirms the deletion.

    • Click Rename to enter a new name for the audit log file.