09-07-2010 07:58 AM
Hi
Were are running Enterprise Vault FSA only ( SP2). I have enabled the auditing of various catagories on the server level within the Vault administrator. Given that these results are collated in SQL server database, is there any easy quick method to report on them. ie ( delete, search, restore, view )
Our Finance department would like a report showing that no items have been deleted from the vault (in error or maliciously), or who is searching or restoring files from the archive.
I have had a brief look at "audit viewer" utility however it is very basic and does really provide much. It doesnt even list what the document name accessed is, just an obscure "Object ID". We are more concerned with proving who is accessing the archived documents via web page archive explorer. I have had a brief look at Discovery Accelerator however this is more for legal searches and processing.
Does SP4 or EV9 give any more options available. It seems strange that you can log activities however cannot report on it.
Any assistance would be greatly appreciated.
Thanks
Nick
09-07-2010 12:16 PM
09-07-2010 01:08 PM
09-08-2010 06:00 AM
09-09-2010 06:24 AM
Thanks for the feedback. . Its a bit dissapointing that Symantec doesn't provide any "userful" utility to interrogate the auditing event. I am happy to try and use SQL to interrogate the data however I cannot figure out where all the SQL tables are stored as outlined in "Audit Viewer" headings ( see attachment enclosed), specifically the "Object ID". I know this references the archived document name somewhere. Does anyone know how to find this out. With this information, I could run a SQL script to extract the data we want.
We are archiving to an EMC Centera if this make any diffence.
Thanks
Nick