cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Audit on the search history

Go to solution
John_Santana
Level 6

‎02-28-2013 05:36 PM

Hi,

As part of the Environment Security Initiative by the security team, is there any way to audit who has been doing what on the EV server ?

this is to know if someone got access to the Vault has been doing sensitive data snooping / searching.

Especially from the http://EV-Server-VM/EnterpriseVault/search.asp page.

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎03-01-2013 06:07 AM

If you turn Auditing on it will create a SQL database.  You will then enable the categories you wish to audit.  Just be sure to keep an eye on the Audit db size and trim it every once in awhile.

This will allow you to capture the information you are looking for in one place and not have to go though IIS logs.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎02-28-2013 06:21 PM

Do you have Auditing enabled?

Configuring auditing

Article:HOWTO56897  |  Created: 2011-08-01  |  Updated: 2013-01-18  |  Article URL http://www.symantec.com/docs/HOWTO56897

Particularly Advanced Search:

Advanced Search

Records details of searches performed using Outlook or the Web Access application, including the terms used and the number of items found.

0 Kudos

Go to solution
John_Santana
Level 6

‎02-28-2013 08:24 PM

well at the site level it seems that the audit is off.

what is the implication if it is ON ?

0 Kudos

Go to solution
Rob_Wilcox1
Level 6
Partner

‎02-28-2013 11:30 PM

If it's on then you can enable at the server level various auditing options.

You can also 'mine' the IIS logs.

Working for cloudficient.com
0 Kudos

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎03-01-2013 06:07 AM

If you turn Auditing on it will create a SQL database.  You will then enable the categories you wish to audit.  Just be sure to keep an eye on the Audit db size and trim it every once in awhile.

This will allow you to capture the information you are looking for in one place and not have to go though IIS logs.

0 Kudos

Go to solution
John_Santana
Level 6

‎03-04-2013 03:40 PM

Many thanks for the advice Tony, so in this case the audit isn't turned on by default.

plus by logon to the EV server as the EV service account, anyone can browse through anyone's the email.

0 Kudos

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎03-04-2013 06:02 PM

The EV service account does not have access by default.  Someone would have to grant permission for themselves on an archive to be able to search it.

0 Kudos

Go to solution
John_Santana
Level 6

‎03-05-2013 02:24 PM

Tony, yes you are right, many thanks for the advice.

0 Kudos