4.3.6. Audit Log Settings (On Premise deployments only)

 

In order to provide a complete view of user actions IRM provides a robust Audit Log feature.  This feature is available only to admins, due to the broad and potentially sensitive nature of the information that can be extracted from it.  Among other things, the Audit Log captures basic HTTP traffic information flowing between the IRM server machine and any externally-running component, such as the IRM Web Client, Linkware Live, or the BMC application suite. 

 

See Audit Log for details.

 

From the Global Console Settings Admin users can set the log level using the Audit Log Level field to control the verbosity of the Audit Log. Depending on the value chosen, the Audit Log will show more or less data about each activity log entry.

 

There is an admin-controlled switch for enabling and disabling the existing Irm User Log (Global Console Settings - enable User Activity Log) and the Audit Log independently (by setting the Audit Log Level to Off) – either, both, or none can be enabled depending on the needs of the customer. 

 

The Audit Log is able to create meaningful summary data and create reports. In other words, this interface provides a mechanism for extracting data from the Audit Log system in a way that can be analyzed or processed further in some other system.  For the most detailed forensic investigations to be conducted, extracting and further processing of the Audit Log entries will usually be necessary.  The following subtopic explains more about this and additional features.