cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Auditing and reporting

Serverteam
Level 4

‎09-07-2010 07:58 AM

Hi

Were are running Enterprise Vault FSA only ( SP2). I have enabled the auditing of various catagories on the server level within the Vault administrator. Given that these results are collated in SQL server database, is there any easy quick method to report on them. ie ( delete, search, restore, view )

Our Finance department would like a report showing that no items have been deleted from the vault (in error or maliciously), or who is searching or restoring files from the archive.

I have had a brief look at "audit viewer" utility however it is very basic and does really provide much. It doesnt even list what the document name accessed is, just an obscure "Object ID".  We are more concerned with proving who is accessing the archived documents via web page archive explorer.  I have had a brief look at Discovery Accelerator however this is more for legal searches and processing.

Does SP4 or EV9 give any more options available.  It seems strange that you can log activities however cannot report on it.

Any assistance would be greatly appreciated.

Thanks

Nick

 

Audit.JPG
29 KB
0 Kudos
4 REPLIES 4

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

‎09-07-2010 12:16 PM

Hi Nick,

Your best bet is EV reporting.
Check this doc : http://seer.entsupport.symantec.com/docs/351429.htm
and this one: http://seer.entsupport.symantec.com/docs/355306.htm

Have fun!
Regards. Gertjan
0 Kudos

Rob_Wilcox1
Level 6
Partner

‎09-07-2010 01:08 PM

For the most part the reporting on the audit database contents is left to either the end-customer or a third party to build a wrapper which suits the needs of a particular customers.  What's good for one customer, just wouldn't be of any use to any other customer (probably) so that is part of the reason it's not productised.
Working for cloudficient.com
0 Kudos

Batmanfail
Level 4

‎09-08-2010 06:00 AM

Nuff Said....

Lets all log this in IDEA's as a change;
0 Kudos

Serverteam
Level 4

‎09-09-2010 06:24 AM

Thanks for the feedback. .  Its a bit dissapointing that Symantec doesn't provide any "userful" utility to interrogate the auditing event.  I am happy to try and use SQL to interrogate the data however I cannot figure out where all the SQL tables are stored as outlined in "Audit Viewer" headings ( see attachment enclosed), specifically the "Object ID". I know this references the archived document name somewhere. Does anyone know how to find this out.  With this information, I could run a SQL script to extract the data we want.

We are archiving to an EMC Centera if this make any diffence.

Thanks

Nick

 

Audit2.JPG
153 KB
0 Kudos