Audit Options

Content Manager can log everything that happens to its data or its settings. It can do so with two logs, which you can also check in to Content Manager as records:

  • an offline audit log
  • an active audit log

For any logging to happen, you must also enable the Content Manager Audit Log event processor. See Content Manager Enterprise Studio Help topic Configuring event processing.

For general information about the two logs, see Audit trails.

For the logging options, on the Administration menu, click Audit Options.

The Content Manager Audit Options dialogue box appears:

  • Produce an offline audit log - select to turn on offline logging. Using the options below, you can also automatically check in the log files to Content Manager as records.

To generate log summaries for individual log items in the active and offline audit logs. Please note that these can be extensive, and make sure there is sufficient storage space when choosing to produce summaries.
To view summaries for active audit events, see Finding specific active audit events.
To view summaries for offline audit log items, see topic Audit trails, Viewing offline audit files.

Select the Content Manager detailed log summary event types and options:

  • Creating a new item - records non-default values when an item is created
  • Modifying an existing item - records all changes
    • Record old values in the modification summary - only applies to the generic record created, record modified and record delete events. No other event type has this summary data. Clear to display only the new values.
  • Deleting an item - records item non-default values when it is deleted
  • Record large text values in detailed summaries - select to record changes to large amounts of text, for example in Notes fields. When selected, these large amounts of data add significantly to the amount of data that summaries create. Ensure that storage space is adequate before selecting this option.
    When not selected, Content Manager records merely a comment that Notes text was modified in the detailed summaries.

Auditing of record searches - a Search Executed event can be captured and stored in the active audit event and/or offline audit logs.

  • Store in the active audit event log - select to store record search details in the active audit event log.
  • Store in the offline audit log - select to store record search details in the offline audit log.

NOTE: Record searches that are captured as those only run from the Content Manager search editors. Navigation style searches and Show Record searches from Content Manager objects will not generate a search executed audit log entry.

  • Record user login/logout events in the active audit log - select to record user login and logout events in the active audit log and Offline audit log, if being produced. These events can be searched for using the Active Audit Events search object and by searching for the location's name. 
  • Record location relationship changes in the active audit log - select to record changes to location's relationships. Any modifications to the location's Associations will be captured in the active audit log and Offline audit log, if being produced.
  • Provide audit log comments control on property sheets - to display a field on every Properties dialogue in Content Manager to enter comments for the audit log when a user makes a change. The field is visible at the bottom of the dialogues and displays Enter an update comment for the audit log. Content Manager writes the comment to the active audit event field Event Details.
    • Make the entry of audit log comments on property sheets mandatory - select to make user comments on Content Manager Properties dialogues mandatory
  • Record storage transfer activity in the offline audit log - select to record storage transfer activities. See Tiered storage
  • Include record owner names in the offline audit log - select to include the record owner name in the offline audit log.
  • Generate an additional offline audit log using ArcSight Common Event Format - select to produce an additional output file, by default this is written to the same directory as the existing .talf files.
    The format of this file conforms to the ArcSight Common Event Format and therefore can be sent to the ArcSight system for further analysis. This is to allow ArcSight to determine internal vulnerabilities in the security of data based on activities documented in the audit log, in particular an analysis of some of the searchExecuted events.
  • Automatically check in offline audit log files into Content Manager - select to check the log files in to Content Manager
    • Record Type for offline audit log files - to select a Record Type for the checked in log files. It is important to carefully review the security settings for this Record Type, as the audit log can contain sensitive information.
    • Container for offline audit log files (optional) - to select a container for the checked in log files

Tag the Content Manager objects for which Content Manager should log create, modify and delete events in the Active Audit Events log.

When an object in this list is tagged, Content Manager stores the events that occur for items of this type in the Content Manager Active Audit Events list.

You can then review the history of activity for a particular Content Manager item of this type by using the right click menu Security, clicking Active Audit Events.

To configure Active Audit Events for records, use the configuration options in the Record Type's Audit page - see Record Type Audit page.

Tag those Content Manager objects and Location types for which Content Manager should log in the offline audit log when users create them.

Tag those Content Manager objects and Location types for which Content Manager should log in the offline audit log when users modify them.

Tag those Content Manager objects and Location types for which Content Manager should log in the offline audit log when users delete them.

Tag those other Content Manager items for which Content Manager should log activity in the offline audit log.

  • Enter an update comment for the audit log - when making changes to the settings, enter a comment to write to the Content Manager audit log