cancel
Showing results for 
Search instead for 
Did you mean: 

Auditing actions taken in Discovery Accelerator

jgirotto
Level 4

Is there any auditing of actions performed in Discovery Accelerator 2007 SP4? Can I determine from a log or something who performed what action, such as exports, holds, searches, etc.?

 

Thank you,

Jeff

1 ACCEPTED SOLUTION

Accepted Solutions

Liam_Finn1
Level 6
Employee Accredited Certified

Jeff,

 

WhatI described will tarck searches from search.asp and search.asp?advanced but since DA uses the same code to perform searches on the EV servers it also will track searches performed via DA. The only difference is that a searches performed on search.asp is performed by the user and so the user ID will show in the report whereas a search performed via DA is submitted by DA to the EV servers using the service account so as to have the rights to search all vaults therefore the user ID assigned to the search in the audit database is the service account and not the user ID who logged into the DA console.

View solution in original post

5 REPLIES 5

Liam_Finn1
Level 6
Employee Accredited Certified

Auditing like this ia activated in EV not on DA. It will audit any searches performed

 

It wont track Legal holds or exports

 

In the VAC go to servers right clivk on each server and under the auditing tab you activate auditing and select what you want to audit

 

to audit searches select Advanced Search option

 

Note one thing. when a search is performed in DA the search is sent to the EV server by the service account. In the audit log all searches will show as being performed by the service account

Message Edited by Scanner001 on 02-13-2009 08:05 AM

sleddog
Level 5
Partner

Jeff.. I think you may be looking for the Chain of Custody Reports

 

http://seer.entsupport.symantec.com/docs/294327.htm

 

 

scott hastings

jgirotto
Level 4

Thank you.

 

It sounds like this action would audit searches performed in Enteprise Vault using the web interface http://localhost/EnterpriseVault/search.asp?advanced or http://localhost/EnterpriseVault/search.asp, not searches performed in the Discovery Accelerator tool. Would that be correct?

 

Also, thank you, Scott. I think you may have actually setup chain of custody reports for us when you onsite a year ago! Nice to hear from you! :) That is good stuff in that it generates case information. I'm not sure it is the activity auditing I'm referring to.

 

Thank you,

Jeff

Liam_Finn1
Level 6
Employee Accredited Certified

Jeff,

 

WhatI described will tarck searches from search.asp and search.asp?advanced but since DA uses the same code to perform searches on the EV servers it also will track searches performed via DA. The only difference is that a searches performed on search.asp is performed by the user and so the user ID will show in the report whereas a search performed via DA is submitted by DA to the EV servers using the service account so as to have the rights to search all vaults therefore the user ID assigned to the search in the audit database is the service account and not the user ID who logged into the DA console.

jgirotto
Level 4

Thank you both. My question has been answered.

 

Jeff