How to view active admin change/delete logs.
|Article:TECH115308|||||Created: 2009-01-16|||||Updated: 2009-01-20|||||Article URL http://www.symantec.com/docs/TECH115308|
Is there a way to view changes that were made by an account with active admin privileges?
Investigating Changes/deletions that were made using an active admin privileged account.
These changes can only be made or recorded by an account that has active admin privileges. Performed through a query. These logs can be viewed on any console even a remote console. The only restriction is data pertains to only one
A limited history of such changes/deletions may be viewed through a query. If your environment supports multiple BVIS a query must be run on a console for each BVIS.
- To view Active admin change and delete logs;
Log onto a RMS Console
Open a new query ( redbook icon)
It will open the following window;
Check the show advanced datasources box
The next window will appear additional options. Select and expand BindView ActiveAdmin Session Logs.
Below You will see two sub categories
- Change Log - Provides access to information regarding changes to fields made using ActiveAdmin
Delete Log - Provides access to information regarding records deleted from data sources using ActiveAdmin.
Choose the log that you care to review by double clicking on the selection -> change or delete logs
Example of the delete log query by default;
Results from a simple Delete log query;
NOTE: Located under custom folder the ability to add time/date stamp formats pertain to when the query was run. Not to be mistaken with when the active admin function was implemented. This may be useful if more than one person runs the query often and would like a time line of when the query was run.
Results from a simple Change log query;
In Addition: Selecting the red arrow in the columns labeled such as Comment will display more details of the specific field such as;
NOTE: Located under custom folder the ability to add time/date stamp formats pertains to when the query was run. Not to be mistaken with when the active admin function was implemented. This may be useful if more than one person runs the query often and would like a time line of when the query was run.
Article URL http://www.symantec.com/docs/TECH115308