VOX

Did you enable auditing for 'View' category?  Right-click on EV server -> Properties -> Auditing -> Select "Audit entries based on the following categories" -> Select "View" (both summary and detailed).  Please make sure that DB space is accounted before you enable auditing.

Thanks for the replies.

We are only using FSA.  Users only access files from the placeholders, i.e. They don't use the web search function.  Why not I hear you say...I'm waiting on management approval to advise this to the users! :(

I have looked at the IIS logs and when I access files via the search function on the web I see my user account details in the log, but all other activity which I assume is from the users just opening the placeholder files then I see the vault service account and the ip address of our file system with "FSA+Placeholder+Service" in the log.

Yes, I have auditing switched on for both summary and detailed for VIEW.

So does one only get this audit data when using the search function available on the web?  I do remember reading a pdf published by Symantec that stated something about when files are access via the network then EV can not identify the user...

I have just noticed a Audit Viewer in the utilities pdf, I will have a look at what this tells me.

Thanks.

This link below describes the report I'm using but does not mention any restrictions etc..

http://www.symantec.com/business/support/index?page=content&id=HOWTO28053

Audit Viewer at least can tell you whether information is being audited in the auditing DB.  If it were, see the 'Category' section to see if you can filter based on it to see if it meets your requirements.

Hi, yes the one user is the evadmin user.

I've just run the auditviewer.exe tool and I can see lots of data.  All the view and web view operations are the evadmin user account and some view operations are with my user account when I used the search function.

So the report in EV does not really offer much use in my environment.

Is there anything else that you need for this issue Palinxy?

Nope, the report does not show me any useful data!

Okay, but you have what you need through auditing? I'd suggest contact Symantec Support about the report, posting an idea on the Ideas section of this forum saying that for VSA relating things like FSA that this sort of report should be beefed up....

You may also want to mark one or more of the posts as the solution.

Thanks for the feedback.

Yes, I have found out that using placeholders there is no individual user access tracking because Placeholder service uses the EV service account and thus logs this user.  As mentioned previously we have not yet advertised to users the ability to use search (waiting on management approval to do this...), but this is working ok.  I have noticed the report does seem to include the users that access it via a web search, number of users in the report is > 1.

So to sum it all up, the report does not include access to place holders, maybe the report should mention this..probably yes.  When I get some spare time, I may put something up as an enhancement request.

Regards Paul