Audit Log

Posted: August, 17 2009

Use the Audit Log to maintain and access a record of all ePO user actions.

The Audit Log entries display in a sortable table. For added flexibility, you can also filter the log so that it only displays failed actions, or only entries that are within a certain age.

The Audit Log displays seven columns:
• Action — The name of the action the ePO user attempted.
• Completion Time — The time the action finished.
• Details — More information about the action.
• Priority — Importance of the action.
• Start Time — The time the action was initiated.
• Success — Specifies whether the action was successfully completed.
• User Name — User name of the logged-on user account that was used to take the action.

Audit Log entries can be queried against. You can create queries with the Query Builder wizard that target this data, or you can use the default queries that target this data. For example, the Failed Logon Attempts query retrieves a table of all failed logon attempts.

Working with the Audit Log

Use these tasks to view and purge the Audit Log. The Audit Log records actions taken by ePO users.

Viewing the Audit Log

Use this task to view a history of administrator actions. Available data depends on how often and by what age the Audit Log is purged.

Before you begin
You must have appropriate permissions to perform this task.

Task
For option definitions, click ? on the page displaying the options.

1 Go to Reporting | Audit Log. The details of administrator actions are displayed in a table.
audit_log_mcafee_epo_4-5
Figure 5: Audit Log page

2 Click any of the column titles to sort the table by that column (alphabetically).
3 From the Filter drop-down list, select an option to narrow the amount of visible data. You can remove all but the failed actions, or only show actions that occurred within a selected amount of time.

4 Click any entry to view its details.
audit_log2_mcafee_epo_4-5
Figure 6: Audit Log Entry Details page

Purging the Audit Log

Use this task to purge the Audit Log. You can only purge Audit Log records by age. when you
purge the Audit Log, the records are deleted permanently.

Before you begin
You must have appropriate permissions to perform this task.

Task
For option definitions, click ? on the page displaying the options.
1 Go to Reporting | Audit Log.
2 Click Purge.
3 In the Action panel, next to Purge records older than, type a number and select a time
unit.
4 Click OK.
All records older than the specified time frame are purged.

Purging the Audit Log on a schedule

Use this task to purge the Audit Log with a scheduled server task.
Before you begin
You must have appropriate permissions to perform this task.

Task
For option definitions, click ? on the page displaying the options.
1 Go to Automation | Server Tasks, then click New Task. The Description page of the Server Task Builder wizard appears.
2 Name and describe the task, then click Next. The Actions page appears.
3 Select Purge Audit Log from the drop-down list.
4 Select whether to purge by age or from a queries results. If you purge by query, you must
pick a query that results in a table of Audit Log entries.
5 Click Next. The Schedule page appears.
6 Schedule the task as needed, then click Next. The Summary page appears.
7 Review the task’s details, then click Save.

You may also be interested in:


McAfee Training
McAfee Home
About McAfee Training
Frequently asked questions
Contact Us
Sitemap
Training Courses
CA Threat Management Training
Network Instruments Training
McAfee EPO 4.5 Training
McAfee Endpoint Encryption
Customer Service
Request a Call back
ePO 4.5 Course Request
Sign Up
Contact Customer service
Articles
Making a dashboard active
Creating Dashboards
Business Connection deals
2GB of Vodafone data + free iPad 2
Monitoring with Dashboards