02-13-2009 07:53 AM
Is there any auditing of actions performed in Discovery Accelerator 2007 SP4? Can I determine from a log or something who performed what action, such as exports, holds, searches, etc.?
Thank you,
Jeff
Solved! Go to Solution.
02-13-2009 09:05 AM
Jeff,
WhatI described will tarck searches from search.asp and search.asp?advanced but since DA uses the same code to perform searches on the EV servers it also will track searches performed via DA. The only difference is that a searches performed on search.asp is performed by the user and so the user ID will show in the report whereas a search performed via DA is submitted by DA to the EV servers using the service account so as to have the rights to search all vaults therefore the user ID assigned to the search in the audit database is the service account and not the user ID who logged into the DA console.
02-13-2009 08:01 AM
Auditing like this ia activated in EV not on DA. It will audit any searches performed
It wont track Legal holds or exports
In the VAC go to servers right clivk on each server and under the auditing tab you activate auditing and select what you want to audit
to audit searches select Advanced Search option
Note one thing. when a search is performed in DA the search is sent to the EV server by the service account. In the audit log all searches will show as being performed by the service account
02-13-2009 08:19 AM
Jeff.. I think you may be looking for the Chain of Custody Reports
http://seer.entsupport.symantec.com/docs/294327.htm
scott hastings
02-13-2009 08:24 AM
Thank you.
It sounds like this action would audit searches performed in Enteprise Vault using the web interface http://localhost/EnterpriseVault/search.asp?advanced or http://localhost/EnterpriseVault/search.asp, not searches performed in the Discovery Accelerator tool. Would that be correct?
Also, thank you, Scott. I think you may have actually setup chain of custody reports for us when you onsite a year ago! Nice to hear from you! :) That is good stuff in that it generates case information. I'm not sure it is the activity auditing I'm referring to.
Thank you,
Jeff
02-13-2009 09:05 AM
Jeff,
WhatI described will tarck searches from search.asp and search.asp?advanced but since DA uses the same code to perform searches on the EV servers it also will track searches performed via DA. The only difference is that a searches performed on search.asp is performed by the user and so the user ID will show in the report whereas a search performed via DA is submitted by DA to the EV servers using the service account so as to have the rights to search all vaults therefore the user ID assigned to the search in the audit database is the service account and not the user ID who logged into the DA console.
02-13-2009 10:04 AM
Thank you both. My question has been answered.
Jeff