Audit
Description
The audit trail page allows you to query for audit records. Each action done at the Soffid console will be reported.
Screen overview
Related objects
Almost all Soffid components are audited in some way, so we could reference all the pages in the documentation.
Standard attributes
- Date/Time: date on which the action was performed.
- Author: user who launched the task. When the author is empty, the Syncserver launched this task.
- Source IP: IP or host where the action has been performed
- Action: the task performed is specified.
- Purpose: is the name of the internal object (also the table of the database) which the action was performed.
- User: identity who performed the action.
- Information system: details on which information system the action was performed.
- Role: details the role with which the action was performed.
- Account: if the action has taken place on an account, it will be indicated on which one in this section.
- DB: name of the final system
- Group: details the group with which the action was performed.
- Network
- Machine
- Printer
- Domain
- Domain value
- Mail domain
- Mail list
- Mail list belongs
- Parameter
- File
- Authorization
- Federation
- Users domain
- Passwords domain
- Jump servers group
- OAM session id
- Action code
Actions
Query buttons | Allows you to query accounts through different search systems, Quick and Advanced. |
Table filter | It allows you to filter a column in the table based on the results loaded in it. |
Download CSV file | Allows you to download a csv file with the information of audit records. |
View |
Allows you to add or remove columns to the table. It is also possible to change the order of the columns. |
Examples
Common querys
Here you have a list of common Advanced searches, you only have to copy, paste and search, e.g.
// User changes trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin"
// User actions trace
calendar ge "2020-01-01T00:00:00.000+01:00" AND author co "admin"
// Soffid accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND user co "admin" AND database co "soffid"
// Created accounts
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "C" AND object co "SC_ACCOUN"
// Removed objects
calendar ge "2020-01-01T00:00:00.000+01:00" AND action co "D" AND object co "SC_ACCOUN"
Date/Time: date on which the action was performed.Author: user who launched the task. When the author is empty, the Syncserver launched this task.Purpose: is the name of the internal object (also the table of the database) which the action was performed.Source IPUser: identity who performed the action.Information system:details on which information system the action was performed.Role: details the role with which the action was performed.Account: if the action has taken place on an account, it will be indicated on which one in this section.Group: details the group with which the action was performed.Action: the task performed is specified.