
Audit

Description

The audit trail page allows you to query audit records. Every action performed in the Soffid console is reported here.

Screen overview


Related objects

Almost all Soffid components are audited in some way, so nearly every page of the documentation could be referenced here.

Standard attributes
  • Date/Time: date and time at which the action was performed.
  • Author: user who launched the task. When the author is empty, the Syncserver launched the task.
  • Source IP: IP or host from which the action was performed.
  • Action: the task that was performed.
  • Purpose: name of the internal object (also the database table) on which the action was performed.
  • User: identity who performed the action.
  • Information system: the information system on which the action was performed.
  • Role: the role with which the action was performed.
  • Account: if the action took place on an account, the account is indicated here.
  • DB: name of the final system.
  • Group: the group with which the action was performed.
  • Network
  • Machine
  • Printer
  • Domain
  • Domain value
  • Mail domain
  • Mail list
  • Mail list belongs
  • Parameter
  • File
  • Authorization
  • Federation
  • Users domain
  • Passwords domain
  • Jump servers group
  • OAM session id
  • Action code

Actions

  • Query buttons: allows you to query accounts through different search systems, Quick and Advanced.
  • Table filter: allows you to filter a column in the table based on the results loaded in it.
  • Download CSV file: allows you to download a CSV file with the information of the audit records.
  • View: allows you to add or remove columns in the table. It is also possible to change the order of the columns.

Examples

Common queries

Here is a list of common Advanced searches. You only have to copy, paste and search, e.g.

// User changes trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin"
 
// User actions trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND author co "admin"
 
// Soffid accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin" AND database co "soffid"
 
// Created accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "C" AND object co "SC_ACCOUN"
 
// Removed objects
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "D" AND object co "SC_ACCOUN"
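
To apply the same filters offline, for instance to rows taken from the Download CSV file export, the following Python example (added here, not Soffid code) parses the AND-joined clauses shown above and evaluates them on constructed records. It assumes record keys named like the filter attributes, that co is a case-sensitive substring match and that ge compares timestamps; the eq and le operators are also assumptions that do not appear on this page.

```python
import re
from datetime import datetime

# One clause of the Advanced search syntax shown on the page: attr op "value"
CLAUSE = r'(\w+)\s+(co|eq|ge|le)\s+"([^"]*)"'
FILTER = re.compile(rf'\s*{CLAUSE}(?:\s+AND\s+{CLAUSE})*\s*')

def parse_filter(text):
    """Return [(attribute, operator, value), ...]; only AND-joined clauses are handled."""
    if not FILTER.fullmatch(text):
        raise ValueError(f"unsupported filter: {text!r}")
    return re.findall(CLAUSE, text)

def clause_matches(record, attr, op, value):
    field = record.get(attr, "")
    if op == "co":  # assumption: plain case-sensitive substring match
        return value in field
    if op == "eq":
        return field == value
    if not field:
        return False
    # ge / le: compare instants, so differing UTC offsets are handled correctly
    left, right = datetime.fromisoformat(field), datetime.fromisoformat(value)
    return left >= right if op == "ge" else left <= right

def select(records, text):
    clauses = parse_filter(text)
    return [r for r in records if all(clause_matches(r, *c) for c in clauses)]

# Constructed sample rows; keys are assumed to match the filter attribute names.
SAMPLE = [
    {"id": 1, "calendar": "2019-12-31T23:30:00.000+00:00", "author": "admin",
     "user": "jsmith", "action": "C", "object": "SC_ACCOUN", "database": "soffid"},
    {"id": 2, "calendar": "2019-12-31T22:00:00.000+00:00", "author": "admin",
     "user": "jsmith", "action": "D", "object": "SC_ACCOUN", "database": "soffid"},
    {"id": 3, "calendar": "2020-03-05T10:15:00.000+01:00", "author": "",
     "user": "admin", "action": "D", "object": "SC_ACCOUN", "database": "soffid"},
]
SINCE = 'calendar ge "2020-01-01T00:00:00.000+01:00"'

def ids(text):
    return [r["id"] for r in select(SAMPLE, text)]

if __name__ == "__main__":
    print("created accounts:", ids(SINCE + ' AND action co "C" AND object co "SC_ACCOUN"'))
    print("removed objects: ", ids(SINCE + ' AND action co "D" AND object co "SC_ACCOUN"'))
    print("actions by admin:", ids(SINCE + ' AND author co "admin"'))
```

Record 1 carries a UTC timestamp that falls after the +01:00 cutoff, so it is selected even though a plain string comparison of the two values would exclude it.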