Viewing audit logs

You can use the Audit Viewer to view the audit entries for a database that has already been configured for auditing. The physical form and location of logs is different for security files and database files. In addition different options are available for Microsoft Access databases, and SQL Server databases.

To view audit entries, you must be a system administrator, a database administrator, or an audit administrator. However, it is important to note that not all entries might be accessible:
  • Some users generate restricted audit log entries that you need the Audit Administrator role to view.
  • Some audit log entries are hidden if SC codes are used (you can only view the entries for records that match your security classification).
The level of detail in the audit log is determined by the audit level set for the database within iBase Designer, and any changes to that audit level will affect the creation of future entries in the log, not previous actions that have already occurred. You can open multiple windows to inspect logs for several databases if those databases are managed through the same security file.
You can view the audit logs for security files and databases:
  • Security file logs record the opening of databases, failed logon attempts, and a range of administrative actions such as creating templates, and managing users and groups.
  • Database logs record all the requested actions within databases, and the closing of databases. Actions are recorded regardless of origin: users can request database actions from i2 iBase Designer, i2 iBase, i2 Analyst’s Notebook, or third party mapping applications. You can inspect logs for several databases provided that those databases are managed through the same security file.
Viewing the audit logs allows you to monitor usage of iBase databases and commands. For example, you can find:
  • Failed logons.
  • Microsoft Access to databases by unexpected users or at unusual times.
  • Use of commands that send data outside of iBase: to a printer, to a file, or to an external application such as Analyst’s Notebook or a mapping application.
  • History of changes to single iBase entity or link records and who made them (if you log historical information).
  • Journal Entries detailing the specific comments of an individual user.

As audit logs are potentially very large files, which the viewer displays as a grid of rows and columns, where each row represents an action on a database or security file and each column provides a different piece of information about an action. Much of Audit Viewer is designed to provide ways to identify and arrange actions (the rows) that are interesting or related in some way.

You can:
  • Print the displayed actions
  • Export the actions to a file for further analysis using a spreadsheet, database, or other visualization tool
  • Archive them to a standalone database file