Auditlog
Introduction
The Auditlog shows recent administrator activity.
Similar to the Summary page, the information available in the auditlog changes depending on the product view selected.
Product views
- Endpoint Privilege Management
- Secure Remote Access
The menu selection Endpoint Privilege Management shows the product view for managing local admin rights on your endpoint clients.
Header
The "Header" is available from every page in the portal. It contains company logos, Product and User Account drop-down menus and the portal main menu.
-
Logos:
Shows the Admin By Request logo and your organization's logo if configured.
To configure a logo in the portal, go to Endpoint Privilege Management > Settings > Windows Settings > Endpoint > BRANDING.
Refer to Branding tab for more information.
-
Product drop-down:
Lists products for selection:
-
Endpoint Privilege Management
-
Secure Remote Access
-
Mix Products
Choosing a product adjusts the options available under other menus. The Mix Products selection combines both Endpoint Privilege Management and Secure Remote Access so that all menu options are available.
-
-
User Account drop-down:
Shows the name of the organization and name + email of the logged-in user. Also provides Change password and Sign out links.
-
Main menu:
To find out more about each main menu option in the portal, click its corresponding link below.
Summary Auditlog Requests Inventory Reports Settings Download Logins Docs Support
Tabs
The auditlog provides tabs for examining the following entries:
-
RUN AS ADMIN - workstation
-
ADMIN SESSIONS - workstation
-
SERVERS - all events
For any tab, in the table displayed, right-click column headings for sort, search, group and filter options.
For an entry in the table, click the name of the endpoint (Computer column) to go to its Inventory record and use the > (expand) symbol at left to drill-down into an entry for further analysis.
This example shows what is recorded in the auditlog under tab RUN AS ADMIN for application Local Users and Groups when run by user Administrator:
Note the following:
-
Activity shows the number of installs / uninstalls / elevated processes (0/0/1 in this example). If a number is red, an alert was generated and is available in the Alerts log (Reports > Endpoint Reports > Events > ALERTS).
-
Indicates the settings that were applied (Global Settings in this example). If sub-settings were applied, the name of the sub-setting is given here.
-
Shows the current "popularity scores" for AI approvals (10 for application and 100 for vendor in this example). In the portal, go to Endpoint Privilege Management > Settings > Windows Settings > App Control > AI APPROVAL to adjust app and vendor auto-approval scores.
-
Use the links here to pre-approve or block this application (applies to RUN AS ADMIN only). In the portal, go to Endpoint Privilege Management > Settings > Windows Settings > App Control > PRE-APPROVE / BLOCK to pre-approve or block apps.
-
This table provides the file name and vendor of the application. Use this information when pre-approving or blocking by file or vendor.
Legend
The right-most column in the auditlog table (no column heading) shows an icon indicating the type of each endpoint. The legend below the table matches icons with platform names.
Users listed in red in column User are administrators.
Buttons
Search
Use this button to search the auditlog. Right-click the table column headings and select any combination of the options available for further group, search and filter options.
Aggregated View
Produces a report showing which applications are elevated the most.
The page that opens is the same as that opened via portal menu Reports > User Reports > Elevated Applications.
Export buttons
Four export buttons are also provided:
-
Export to PDF
-
Export to XLSX
-
Export to CSV (;)
-
Export to CSV (,)
The menu selection Secure Remote Access shows the product view for managing your endpoints that can be remotely accessed.
Header
The "Header" is available from every page in the portal. It contains company logos, Product and User Account drop-down menus and the portal main menu.
-
Logos:
Shows the Admin By Request logo and your organization's logo if configured.
To configure a logo in the portal, go to Endpoint Privilege Management > Settings > Windows Settings > Endpoint > BRANDING.
Refer to Branding tab for more information.
-
Product drop-down:
Lists products for selection:
-
Endpoint Privilege Management
-
Secure Remote Access
-
Mix Products
Choosing a product adjusts the options available under other menus. The Mix Products selection combines both Endpoint Privilege Management and Secure Remote Access so that all menu options are available.
-
-
User Account drop-down:
Shows the name of the organization and name + email of the logged-in user. Also provides Change password and Sign out links.
-
Main menu:
To find out more about each main menu option in the portal, click its corresponding link below.
Summary Auditlog Requests Inventory Reports Settings Download Logins Docs Support
Tabs
The auditlog provides tabs for examining the following entries:
-
UNATTENDED ACCESS
-
REMOTE SUPPORT
For any tab, in the table displayed, right-click column headings for sort, search, group and filter options.
For an entry in the table, click the name of the endpoint (Computer column) to show auditlog entries for only that endpoint.
Legend
The time a remote connection occurred is shown in the Time column and can be displayed in either local time for the portal user (i.e. you) or server time. Click Your Time < > Server Time to toggle from one to the other.
Buttons
Search
Use this button to search the auditlog for Unattended Access entries. For Remote Support entries, right-click the table column headings and select Search Panel to display the search text entry panel.
Export buttons
Four export buttons are also provided:
-
Export to PDF
-
Export to XLSX
-
Export to CSV (;)
-
Export to CSV (,)