Auditing Report Configuration
ITM On-Prem (ObserveIT) enables you to generate reports that provide summary audit log information about user logins, sessions, and saved sessions, in which console users were active on monitored Windows, Mac, or Unix-based endpoints. For example, if an Agent's recording was turned off or changes were made in a Recording Policy configuration, you can report on exactly who did this, and when it happened. These reports are valuable for security auditing and change management.
This topic describes the metadata that you can select to be included in reports based on audit log information (see Report Types). These reports can be generated for Windows, Mac, or Unix-based endpoints.
For detailed instructions on the steps required to create a report, see Creating a Custom Report.
You can generate reports on the following types of information:
-
Audit Logins: Logins to the Web console
-
Audit Sessions: Recorded sessions playback
-
Audit Saved Sessions: Recorded sessions that were exported
Audit Logins
To create a report on Audit Logins, you can select the following fields to be displayed as columns in the report:
| Type | Column | Description |
|---|---|---|
|
Audit Logins |
Status |
Login was successful or failed |
|
Description |
Description of the login (if relevant) |
|
|
Login Date |
Date of the login |
|
|
Login Date Time |
Time of the login date |
|
|
Login Time |
Time of the login |
|
|
Audit User Name |
Console user that accessed the Web Console |
|
|
Audit Domain Name |
Domain name (if the Console user is configured with an external Active Directory or LDAP domain) |
|
|
Client |
Client IP address used to log in to the Web Console |
Audit Sessions
When creating an Audit Sessions type report, you can specify types of columns for:
-
Audit Sessions fields: as described in the table
-
Session fields: see Session Report Configuration
-
Endpoint fields: see Endpoint Report Configuration
-
User fields: see User Report Configuration
| Type | Column | Description |
|---|---|---|
|
Audit Sessions |
Accessed Date |
Date and time the audit entry was created |
|
Operator Name |
Console User that logged in to the Web Console |
|
|
Audit Time |
The time that the audit entry was created (that is, when the user opened the Video player for the session) |
|
|
Operator Domain Name |
Domain name (if the Console user is configured with an external Active Directory or LDAP domain) |
|
|
Client |
Client IP address used to log on to the Web Console |
|
|
Audit Date |
Date that the audit entry was created. |
Audit Saved Sessions
When creating aAudit Saved Sessions type report, you can specify types of columns for:
-
Audit Saved Sessions fields: as described in the table
-
Session fields: see Session Report Configuration
-
Endpoint fields: see Endpoint Report Configuration
-
User fields: see User Report Configuration
| Type | Column | Description |
|---|---|---|
|
Audit Saved Sessions |
Action Time |
Date and time that the audit session was saved |
|
Session Name |
Name of the saved audit session |
|
|
Requested Slides |
Specified slides to be included in the saved session |
|
|
Audit Domain Name |
Domain name (if the Console user is configured with an external Active Directory or LDAP domain) |
|
|
Audit User Name |
Console user that accessed the Web Console |
|
|
Total Slides |
Actual number of slides in the saved session |
|
|
Action Type |
Audit action that was detected - Download or Delete |
See also