Determining Which Repository Events are Logged
For a complete list of audit events, see Audit Event Descriptions.
Laserfiche Audit Trail determines which events will be logged by first checking who is logged into the repository. Once it knows which user has logged into the repository, it will check that user's audit settings for two possible types.
- Group membership: If the logged in user has been configured to inherit its audit settings by group membership, and any of the groups to which the user belongs have been configured to audit an event, that event will be audited for the user.
- User configuration: If events have been specifically assigned to the logged in user, only those events will be audited. The selected auditing events for the groups to which the user belongs to will be ignored.
Note: Windows Accounts and LDAP groups and users can be audited just like Laserfiche groups and users. The term "user" can apply to a Laserfiche, Windows Accounts or LDAP user; the term "group" applies to either a Laserfiche, Windows Accounts or LDAP group.
Note: To ensure certain events are logged for all users, enable auditing on the event for the Everyone group. The Everyone group is a special account, listed under the Users and Groups node, that always includes all users.
By default, new repositories audit successes on the Everyone group in the audit classes:
- Account
- Annotation
- Auditing
- Entry
- Metadata Definitions
- Page
- Privileged Operations
- Records Management Actions (if applicable)
- Records Management File Plan (if applicable)
- Session
- Volume
Use the Administration Console or web client management page to configure additional options.
To determine which events are logged
- Open the Laserfiche Administration Console and expand the desired Laserfiche Server in the left pane.
- Select the desired Laserfiche repository.
- If security has been enabled on that repository, log in as any user who has been granted the Manage Audit Settings privilege for the specified repository.
- Expand the Users and Groups node.
- Select the Repository Users, Repository Groups, Windows Accounts, Laserfiche Directory Accounts, or LDAP Management node. Keep in mind that a user can either inherit audit settings from the groups to which he or she belongs or auditing can be limited to the events selected for a user.
- Right-click the desired user or group and select Properties.
- Click the Auditing
tab.
Note: A collection of events may have Success already selected. These "typical" events are selected and audited by default when creating a repository. It includes all events except those that are performance intensive, unnecessarily bulk up the audit logs, and generally too specific for most organizations' needs. Click Set Typical to reselect this default collection if it has been modified.
- Do one of the following:
- For the selected user or group to inherit audit event settings from the groups to which it belongs, select Group membership. Click Audit Events to see the events that will be audited for the selected user or group, based on the other groups to which they belong. Click Close to close the Audit Events dialog box. Click OK to save your settings. Go to step 12.
- To determine which events will be audited for the selected user, select Selected events. Go to the next step.
- For each event group, select or clear the
check box under the Success column depending on whether the event should
be logged when successfully performed. For a complete list of audit events, see Audit Event Descriptions.
Important: The Entry Listing audit event will log every time a user browses to a document, even if they do not open it. For instance, if a user opens a folder, this event will log every document that they can see in that folder, and if they perform a search, it will log every event in that search, even if they do not open any of the documents. Since this will result in a huge volume of logged events and very large audit logs, we recommend only enabling this option if your compliance policy requires you to do so.
- For each event group, select or clear the check box under the Failure column depending on whether the event should be logged when an unsuccessful attempt to perform it occurs. For a complete list of audit events, see Audit Event Descriptions.
- Click Set All to select all the events and Clear All to clear all events.
- Click OK.
- Repeat steps 6 - 12 as needed.
Note: To audit LDAP events, select Account. To audit Electronic Data events, select Entry.
Note: To run a report on Entry Listing events, select Browse Entry under View Content in the Audit Reporter.
To determine which events are logged
- Open the Laserfiche web client management page and sign in as any user who has been granted the Manage Audit Settings privilege for the specified repository.
- Navigate to the Users page or the Everyone page. On the Users page, you can further select the Users or Groups tab, depending on which type of trustee you are interested in.
- Select the desired user or group.
- Click the Auditing
tab.
- For the selected user or group to inherit audit event settings from the groups to which it belongs, select Inherit audit settings from group membership. The events that will be audited for the selected user or group will be displayed.
- For each event group, select or clear the
checkbox under the Success column depending on whether the event should
be logged when successfully performed. For a complete list of audit events, see Audit Event Descriptions.
Important: The Entry Listing audit event will log every time a user browses to a document, even if they do not open it. For instance, if a user opens a folder, this event will log every document that they can see in that folder, and if they perform a search, it will log every event in that search, even if they do not open any of the documents. Since this will result in a huge volume of logged events and very large audit logs, we recommend only enabling this option if your compliance policy requires you to do so.
- For each event group, select or clear the checkbox under the Failure column depending on whether the event should be logged when an unsuccessful attempt to perform it occurs. For a complete list of audit events, see Audit Event Descriptions.
- Click Save.