7.7.7. Audit History

Your system stores an audit history of important events which have occurred on the system for security auditing. Auditing is on by default and the option to turn it off is under System Security in the Users and Security section.

The Audit history can be viewed from the ‘Audit History’ page. There are two views available: Tree (Sessions) and Table (Operations). The Tree view groups audited actions into sessions by user and the Table view is a list of all operations that have been audited. In either view, entries can be clicked to see more detail.

In Table view, each row in the table represents one auditable event, and auditable events are displayed in descending order by time, with most recent first. If more than one web page is required to display all the audit history events, you will find an “Older Entries’ and “Newer Entries” buttons at the bottom of the page for navigation purposes.

Each audit history entry shows the following information:

Time: The Date and Time the audited event occurred are displayed using the currently configured time zone information for the recorder

User: The User Account which performed or attempted to perform the audited action

Success: If the action was successful, it is in black text. If it failed, it is in red.

Description: A human readable description of what happened.

Action: This describes the action that was performed. Valid action types include:

• USER-LOGIN: The user account logged into the system. The description will also specify what client software was used (e.g. MediaWorks DX, Soap Client, etc.)

• USER-LOGOUT: The user account logged out of the system

• SHUTDOWN: A request was made to shut down the recorder

• REBOOT: A request was made to reboot the recorder

• MONITOR-ON: The user Live Monitored a channel and listened to the audio

• MONITOR-OFF: The user ceased live monitoring the channel

• FORCE-SUPPRESSION-ON: The user turned on call suppression for a channel

• FORCE-SUPPRESSION-OFF: The user turned off call suppression for a channel

• AUDIO-ACCESSED: The user played a media record

• ADD-ENTITY: A New entity (e.g. Custom Field, User Account, etc.) was added to the recorder. The description will tell which entity type was added.

• DELETE-ENTITY: An Entity (e.g., Custom Field, User Account, etc.) was deleted from the recorder. The description will tell which entity type and the primary key (name, number, etc.) of the entity.

• UPDATE-ENTITY: An Entity (e.g., Custom Field, DateTime, etc.) was modified. The description will tell the Entity Type and if applicable primary key of the entity.

• GET-ENTITY: An Entity (e.g., Custom Field, DateTime, etc.) was retrieved and viewed. The description will tell the Entity Type and if applicable the primary key of the entity

• GET-ALL-ENTITY: All Entities (e.g., Custom Field, DateTime, etc.) were retrieved and viewed. The description will tell the Entity Type

• SEARCH-ENTITY: An Entity was searched

• START-RECORDING: A user forced recording to start on a channel (this usually happens from a SOAP integration with the recorder)

• STOP-RECORDING: A user forced recording to stop on a channel (this usually happens from a SOAP integration with the recorder)

• ROD-DISABLE: A user forced a channel into a non-recording mode (this usually happens from a SOAP integration with the recorder)

• ROD-ENABLE: A user switched a channel back to its standard recording mode (this usually happens from a SOAP integration with the recorder)

• OPEN-TRAY: A user ejected an archive drive

• CLOSE-TRAY: A user injected an archive drive

• ACKNOWLEDGE-ALERT: A user acknowledged an alert

• SET-CHANNEL-METADATA: A user added metadata to be applied to each media record on a channel (this usually happens from a SOAP integration with the recorder)

• SET-CALL-METADATA: A user added metadata to a specific call (this usually happens from a SOAP integration with the recorder)

• SET-WORKSTATION-TAG: User set workstation tag for channel. (this usually happens from a SOAP integration with the recorder).

• UNSET-WORKSTATION-TAG: User unset workstation tag for channel. (this usually happens from a SOAP integration with the recorder).

• CHANGE-PASS: A user changed their pass (or someone else’s if they are an admin)

• EXPORT-SYSTEM-INFO: A user took a backup of system information either to an archive drive or via download to a web browser.

• IMPORT-SYSTEM-INFO: A user uploaded or restored system information

• OFFLINE-DISK-FROM-RAID: A user marked a drive for removal

• ADD-DISK-TO-RAID: A user added a new drive to a RAID

• BOND-NICS: A user bonded 2 network interfaces together into 1 interface (this is advanced behavior for certain logger configurations and is not typical to see)

• START-ARCHIVING: A user started archiving on an archive device

• STOP-ARCHIVING: A user stopped archiving

• BROWSE-ARCHIVE: A user put an archive into Browse mode for viewing with the Front Panel or with client software

• UNBROWSE-ARCHIVE: A user took a browsed archive back offline

• PERIOD-ARCHIVE: A user initiated a period archive to an archive drive

• FORMAT-ARCHIVE: A user initiated a format of an archive drive

• SET-ARCHIVE-POINTER: A user moved the archive time pointer on an archive

• START-ARCHIVE-TRANSFER: A user started a transfer of archived data back to the recorder

• STOP-ARCHIVE-TRANSFER: A user stopped the transfer of archived data to the recorder.

• START-PCAP: A user started a network data capture

• STOP-PCAP: A user stopped a network data capture

The Audit History is designed to provide an audit trail of configuration changes as well as audio access to the recorder. There are options available under Security: System Security that allow for configuration of the level of detail in the audit history. If full details are enabled, then clicking on a configuration change audit event (e.g. UPDATE-ENTITY) will display the difference between the original and new configuration that was sent to the recorder to make the request. A Close button is provided to dismiss that window.