Audit trails
Content Manager produces audit trails for changes to the information in its dataset using an online audit log called active audit events, and an offline log in the form of log files.
There is a one-to-one relationship between the online and offline audit events.
You can choose the Content Manager objects for which to log the key activities create, modify and delete. Typically, it is your organisation's Content Manager administrator who configures Content Manager to log these by using the Content Manager Audit Options - Active Audit Events page - see Audit Options.
For the selected objects, Content Manager saves the activities in the Content Manager database, and you can retrieve them by searching for active audit events. See Finding specific active audit events.
To configure active audit events for records, use the configuration options in the Record Type's Audit page - see Record Type Audit page.
You can search Content Manager for active audit events using a large selection of criteria.
See Finding specific active audit events for search and view options.
In the management of physical records, it is sometimes necessary to allow records to be marked to a Location with a lower security profile than the record itself.
If Content Manager disallowed this completely, records that physically moved to such a Location could not be tracked in the system. This is why many organisations decide to allow the movement. However, every such movement incurs a security violation in Content Manager.
You can find security breaches by searching for active audit events, and then filtering your search results by the option Security Violations Only. The Content Manager administrator can then view and investigate them.
The offline audit log is produced by the Workgroup Server event processor, which is configurable through Content Manager Enterprise Studio. If the Workgroup Server is down, Content Manager queues the messages and processes the events when the server is online again.
The event processor writes events continuously, as it receives them, to a text file with the extension .talf. Content Manager closes the .talf file at the end of each day and creates a new file for the next day's events.
You can choose to automatically check in the closed audit log file to Content Manager as part of this end-of-day processing by using the option Automatically check in offline audit files into OpenText Content Manager. See Audit Options.
Like any other electronic document, you can also manually create a record from the audit log file, for example, by dropping it on a Content Manager window.
When the log files are in Content Manager, it also indexes their content, which makes them retrievable using its document content search function. Reviewing the log files in this way may help with diagnostics.
When the audit log file is in Content Manager, you can view it by right-clicking the record, and clicking View.
You can also open the audit log .talf file directly from its Windows folder.
In both cases, the Content Manager Log View application displays the log file in an easy-to-read table format. It also uses a view pane, which displays details about the selected event, depending on how summaries are configured. See also Log event summaries below.
In addition to the standard columns, log event summaries appear in a variable number of columns to the right.
The offline log records the time of an event in three columns: Time, which is Greenwich Mean Time (GMT); Time (Source), which is the time in the time zone where the user created the event; and Time (Server), which is the event processor's Workgroup Server time when the event occurred.
You can set up Content Manager to generate detailed summaries for active audit events and the offline audit log. These can include all create, modify and delete event details.
To configure detailed summaries for the logs in Content Manager, see Audit Options, General tab.