Opening an audit log

When you log on to iBase Audit Viewer, you open a security file that defines the permissions for the user account to which you are logged on. When your credentials are recognized, you can select the type of log you would like to view.

Procedure

When you have started Audit Viewer, select Logon to log on to a security file without opening a log or archive.

Select one of the following commands from the File menu:

Option	Description
Open Database Log File	Displays the database log for viewing.
View Security Log	Displays the security log for viewing.
Open Archive File	Displays an archive of an audit log.
Open SQL Server Archive	Opens the SQL Server archive database. (Note: You must specify a valid archive database and not a standard iBase database.)

Results

The viewer opens each log or archive in a separate window with a title bar matching the title of the log or archive. You can maximize the window within the application window. On opening each log or archive, the viewer displays all of the logged actions today, meaning the day of viewing the log.

Note: Slight differences in the contents of the window occur depending on whether database logs, security file logs, or archives are viewed.

The grid displays the audit log data, one logged action on each row. For database logs, the columns in the grid are:

Date: The date and time of the action.
User: The iBase logon name of the user for the action.
Action: The action, such as Database Opened or Record Added. Double-click the action to display the detail.
Record ID: The iBase record identifier, if the action referred to an individual record, or blank if the action refers to multiple records as the result of a bulk import. If Audit History is turned on, double-clicking the record ID displays the history of that record.
Extra Detail: The contents of a field chosen by the database designer if the action referred to a specific record.
Location: The location of the user performing the action.; Note: The location for the user is recorded at the time the log entry is made. Subsequently, the location may have been edited, but the log reflects the correct location at the time of the action.; Filtering by location will not identify the records which a user owns (if you are using owner hyperlink fields), only those records that they create or update.
Network Login: The machine and user identifier of the user performing the action, as identified by Microsoft™ Windows™. This uniquely identifies users who log on using single sign-on rather than an iBase user account.; Note: The network login is displayed in both the User and Network Login columns for changes made outside of iBase as the machine name cannot be determined for this type of change.
Detail: Information, typically the item affected or setting changed by the action.

What to do next

You can change the rules used to display the log entries on the Selection Criteria and Actions pages. To apply your changes, click Refresh.

On the Selection Criteria page, for example:

You can extend the date range if there is no data shown for today.
You can view subsets of log data based on various criteria. For example, actions made at a time of day specified by start and end times, on particular days of the week, or by a specific user.

On the Actions page:

You can filter the types of actions displayed. For example, you might want to know when a database is opened.
You can change the type of actions that are available for display by selecting an audit level in Display actions

You can use wildcards to include or exclude specific log entries. For example:

Entering [!user1] in Detail (contains) excludes log entries containing user1 in their Details field.
Entering [user1] includes these log entries.