Viewing Audit Trail Records

Audit trail records are events caused when an operator modifies a record, such as a badge or personnel record. Audit trail records include the user who performed the action, the date, time, and the state of the object before and after the edit. To view audit trail records, do the following:

Step 1            Select Audit Trail from the Reports menu. The main window shows the most recent audit records.

audit_trail.png

Step 2            Modify the list of records using the following toolbar controls:

·         Scroll Lock: Disable or enable automatic scrolling of the list as new audit records are inserted.

·         Report...: See Creating Reports.

·         Columns...: See Revising the Column Display

·         Filter: See Using Filters

Step 3            Select a record and click View... to open the detail window. You can also double-click the record.

view_audit_trail_detail.png

Step 4    Review the properties and actions for the record. See the following table for field descriptions.

 

Audit Trail Event Properties

Field

Description

Time

The time the event was received and stored in the database. If the event was processed by an external device such as a controller, this may differ from the time, depending on delays or interruptions in communications between the host and the device.

Description

A description of the event.

Site

A site is a single instance of an ICPAM database.

Log Code

The internal code to identify the event. Log codes can be viewed in the Event Policy Manager and defined as alarms. See Modifying Default Event Policies .

Type

The type of event. The types of events are:

·         Event: A general occurrence within the system, often from external hardware such as a controller. 

·         Alarm: An event configured to be an alarm.

·         Alarm Annotation: An event caused by commenting, clearing, or acknowledging alarms.

·         Audit Record: An event caused by an operator modifying a record, such as a badge or personnel record.

·         Device Command: An event caused by an operator executing a device command.

·         Device Command Result: Notification of a completed device command.

Priority

The importance level assigned to the event. Priorities range from a low of -10 to a high of 10. To configure these priorities, see Setting Event and Alarm Priorities.

Device

The device associated with the event, such as a workstation or hardware module.

·         Edit...: Displays information about the device including type, name, and address. Some fields are editable, depending on the type of device.

·         View Status...: Displays the status of the associated device. For example, if the workstation is logged in to the system or if the hardware module is enabled.

·         Commands: lists any available commands for the device. For example, apply a controller configuration, or send a message to a workstation.

·         Show in Graphics Map: see Map Viewer.

Credential

If the event has an associated credential (such as a badge or login), the identifying information of the credential (such as a card or username) is displayed in this field.

·         Edit...: Revise the credential (badge, login, etc.) record associated with the event.

Watch Level

Displays the Credential Watch Level for the badge associated with the event. See Adding a Color Border to Event Photos (Credential Watch).

·         Edit...: Revise the credential watch level associated with the badge.

Personnel Record

If a personnel record is associated with the event, this field displays the person’s name.

·         Edit...: Edit the personnel record associated with the event.

·         View Photo...: Displays the associated personnel record photo, if any.

Data

This field displays detailed information about the event, the exact value and meaning of which depends on the type of event. This field is generally for advanced or troubleshooting use. If the event is associated with an attempt to gain access to an access point using a badge that is not in the database, then this field contains the card number.

Modified Record

The item changed by the user.

·         View Current...: Opens a detail window of the modified record, as it exists currently.

·         View Before...: Opens a detail window of the modified record, as it existed before the modification.

·         View After...: Opens a detail window of the modified record, as it existed after the modification.

 

See also:

Viewing Events, Alarms and Audit Trail Records