Security Audit Report
The Security Audit Report enables you to generate a report that includes the following actions for one or more people over a specific period of time:
- Account Lock-out
- Authentication
- Login
- Password Change
- Restricted IP
- Restricted IP hop
- Unknown User Login
- User Logout
- Proxy Access
Note: Data for Password Change is collected daily at 11pm local time. This means that if you run a report that includes the current day, any password changes that were made on the current day will not appear in the report until the next day.
Run the report
- From your Report Library, click tap Run Report
- In the Select Report panel, select Audit > Audit Report and click tap Select.
- In the Audit Report panel, select the parameters:
- Audit Types — Click Tap
and then in the Audit Types panel, select the audit types to include in the report. When finished click tap Apply. - Start Date and Finish Date — Enter the starting and ending dates to audit. Click Tap
to use the calendar. - In one of the following fields, enter the user name or user ID of the person or persons to query for actions. If you enter information for different people in each field, all people entered will be listed in the report.
- User — Enter the user name of the person or persons to query for actions. Separate multiple people with commas.
- Select User ID — Enter the user ID of the person or persons to query for actions. Separate multiple entries with commas.
- Note: To identify the user names and/or user IDs, refer to the people records in Maintenance > People Information from the Main Menu.
- Output Format — Select one of the following:
- Click Tap Run report. An In progress message appears while the report is running.
- Click Close
to close the panel. - When the report is finished, the report appears in the Report Library. Select the report and click tap Run Report.
Report content
The upper right corner of the report lists the following information:
- Executed on — The date and time that the report was run.
- Printed for — The name for the person printing the report.
- User — The user name of the person or persons reported.
- User ID — The user ID of the person or persons reported.
The report contains the following columns:
- Type — Type of action
- Item — Name of the person running the report
- Action — Success or Failure
- Date — Date and time of the action
- User IP — IP address of the user who made the action
- User — The user name of the person who made the action
- Comment
- Application — Identifies the following platforms and applications for login, account lockout, impersonation, and password change events. The column is blank if the device type cannot be identified.
- Desktop
- WebBrowser-Windows
- WebBrowser-Mac
- WebBrowser-Unix
- Mobile device using browser
- MobileBrowser-Android
- MobileBrowser-iOS
- MobileBrowser-Windows
- Mobile device using app