Enterprise Archive allows you to view user activity logs for triggered events and modified object types. You can search and view user audit logs for selected users, between specific dates. Enterprise Archive displays user audit logs for objects and user actions and provides details about the modifications and the actions done by selected users.

During investigation, information about users access of data or system can also be viewed.

Note

You must have Administrator privileges to view the user activity logs.
Currently, Audit logs might take a few minutes to display search results.

images/download/attachments/60329526/user_activity_log.png

UI Elements	Description
Search Filters	The search filters enable you to search for your desired activity logs based on the following filters: Modified Fields - Enables you to search user activity logs based on certain fields in the UI. The tasks are the Jobs IDs that are performed in Enterprise Archive. For example, the following image displays the tasks under Fields column. These are the field names that can be used to perform a search. Figure 7: Modified Fields Date Range - Enables you to search user activity logs based on a preferred date range. Selected Users - Enables you to search for specific user's activity log. Object Types - Enables you to search user activity logs based on Object types. Actions - Enables you to search user activity logs based on Actions.
User Activity Logs table	Enables you to view the User Activity Logs based on your search criteria as a table. Each row in the table is clickable. Once clicked, the row expands and displays additional information for each activity log.
Columns Filter	Enables you to add additional column to the table.
Download as CSV button	Enables you to download the user activity log as a CSV file.
Pagination buttons	The pagination buttons are available to navigate through the search results when the search results displayed across multiple pages.

Using User Activity Log

Your browser does not support the HTML5 video element

To search user activity logs:

Click Administration tab.
Click User Activity Log.
Enter the following search criteria in the Search panel.
Click Search. A table or User Activity Log panel displays the lists the activity logs for the selected search criteria.
Each row in the table is clickable. Once clicked, the row expands and displays the following information for each activity:
- App ID - Specifies the application ID used.
- Date - Date when the selected activity was performed
- User - Name of the user who has performed the activity.
- Action - Target Object Type - Type of activity performed such as Create, Update, or Delete.
- Target Object Name [id] - ID of the action performed.

Table 7: User Activity - Search Options

Options	Descriptions
Date Range	To get the user activity log between two dates, select the Start date and the End date.
Users	To select one or more users, click the select link and select the users from the Users dialog box.
Object Types	To search users activity logs based on Enterprise Archive application objects. Select the check box(s) corresponding to the objects:
Case	The following case activities can be viewed: Name - Name of the case. Enable Legal Action - Details of legal action performed. Enable Legal Action Duration - Configured duration of the legal action. Tag Group - Name of the tag group associated with the case. Custodian - Name of the custodian. Custodian Group - Name of the custodian group. Assignment - Reviewer of the case. Case Restriction : <Attributes> - Case level restrictions added on various attributes while creating or updating a case.
Tag Group	The following Tag Group details can be viewed: Tag Group name - Name of the specified Tag Group. Multi-select - Specifies if Multi-select option was enabled or disabled. True if enabled. False if disabled. Tag Name - Name of the Tag specified within the Tag Group.
Role	Lists all permissions modified within the Roles page. The value is displayed as True if the permission is enabled and False if the permission is disabled. Additionally, Content Restricted Access details are also displayed.
Cluster	The Name and Description of cluster modified are fetched.
Retention Policy	The following Retention Policy details are fetched: Name - Name of the modified or applied Retention Policy Store - Store field refers to the Retention policy storage types supported by Enterprise Archive, such as Compliance (WORM) and Operational (Non-WORM). Description - Description for the retention policy, if specified. Enabled - Specified if the retention policy was enabled or disabled. True if enabled. False if disabled. Retention Period - The retention period set for the policy.
Scheduled Export	Display details of scheduled export performed in the application such as: Case Name - Name of the case from where the documents were exported. Scheduled Export - Name given to the scheduled export. Search Template - Specifies the name of the search template used. How Often - Specifies the scheduled export frequency. Search Criteria - The search criteria defined to filter the exported documents. Container - Specifies the container type. Text or Email Format - Specifies the selected Text or Email Format. Load Format - Specifies the selected Load Format. Export Location - Specifies the configured Export Location.
User Activity Log	The following details are fetched: Object Types End Date
Library List	Displays the name of the uploaded list library file added along with the values present in the file.
Queues	Displays the name of the Queues' and all the configurations set in the Queues page such as: Reviewers Supervised Participants Queue Admin Policy Name Retention Period Timezone and so on.
Participants	Displays the name of the .csv file used to import participants into Enterprise Archive. If participants are imported using API, you will observe the following: The App ID is set to API. User ID is set to the API Client ID. Target Object Name is empty.
Report	Displays the name of the report viewed by the user along with the criteria, if any. Note All Enterprise Archive reports are generated in GMT timezone. Thus, the Date/Time values in all the reports as well as in the User Activity logs should be interpreted with respect to GMT only.
Scheduled Reports	Displays the report scheduled by the user along with the configuration set in the Scheduled Exports page: Scheduled Report Recipient Reports How Often Timezone Range Type and so on.
Snapshot	Details of Snapshot searched, viewed across Enterprise Archive are displayed along with actions taken on the documents. Additional details such as: Case Details - Name of the case along with details of where the search action was performed within the application, such as Case Management Collect search or Case Management Review search. No. of documents - Number of document fetched as search results. Search Duration - Time take for the search to fetch documents. Search Criteria - Criteria used to perform the search. Timezone - Timezone details configured in the application. Actions - Actions taken on documents such as Collect, Apply Tag/Notes, Export, and so on.
Saved Search	Details of searches saved across application is displayed along with the case or queue name. Also, the page info where the search criteria was saved is displayed. Additionally, saved searches that were published or modified and published are also displayed along with the search criteria.
User	Displays the list of updated or modified user details. Additionally, details on users who changed the password is also displayed.
End Point	Displays the modified End Point details such as End Point Name, Source Type, and Cluster Name.
Disclaimers	Displays details on the number of disclaimers added or modified into Enterprise Archive.
Export Location	Displays the details that were specified while creating or updating an Export Location, such as specified Server Name, Port, Location, Folder Name and so on.
Password Policy	Displays all the password policy updates made in the Change Password Policy page along with the old and updated configuration values.
Policies	Display details about created or updated policy along with the details configured such as: Name - Name of the policy. Policy Category - Category specified for the policy. Policy Type - Type of the policy such as Flag or Ignore. Search Criteria - The defined search criteria for the policy.
Sampling Profile	Displays all configurations specified while creating or updating the Sampling Profile such as: Name - Specifies the name of the Sampling Profile. Applied By - Specifies the Applied By option set by the user. Configure - Specifies the Configure option set by the user. Quota Value - Specifies the Quota Value set by the user. Communication Direction - Specifies the Direction set by the user. Communications - Specifies the Selection of Communication set by the user.
Participant Group	Displays the .csv file name used to import participant groups into Enterprise Archive.
Configuration	Displays the configuration changes made under the Options page in the Case Management and Supervision application.
Email Template	Displays details on modified Alert Template and Supervision Notification Templates, such as: Template Name Modified Field Old value New value
API Client	Displays the details of the resisted API Client such as: Name Description Enabled API Client Name Content Restriction Access
Actions	To search user activity logs based on any of the following actions, select the checkbox corresponding to the action:
Log In	Displays information of logged in users along with browse, browser version, and Operating System details.
Log Out	Displays information of logged out users along with browse, browser version, and Operating System details.
Access Violation	Displays all instances of access violation confronted by users along with details such as: IP Address - IP Address of the user. Permission - Specific permission denied to the user.
View	Displays information of users who have viewed a case along with case name and modified fields within the case.
Publish	Details of saved searches that were published across application is displayed along with the case or queue name. Also, the page info where the search criteria was saved is displayed along with the search criteria.
Delete	Displays all delete actions performed in Enterprise Archive, such as deleted saved search, deleted users, deleted disclaimers, deleted End Points, and so on. Details of deleted objects are displayed under the Target Object Name column.
Apply Holds	Specifies the document count that on which the Apply Holds action was performed along with the case name details.
Release Holds	Specifies the document count that on which the Release Holds action was performed along with the case name details.
Export	Display details on export performed such as: Application where the export operation was performed such as Archive Management, Case Management and so on. Name of the Case from where the documents were exported Additional Info such as: Total Count - Total number of documents exported. Action - Action performed on those documents. Export Name - Name defined for the export action. No. of Documents - Count of documents that were exported successfully. High Priority Export - Specifies if High Priority Export option was enabled or disabled. Notify Upon Completion - Specifies if Notify Upon Completion option was enabled or disabled. Load Format - Specifies the selected Load Format. Text or Email Format - Specifies the selected Text or Email Format. Container - Specifies the container type. Verify Chain of Custody - Specifies if EDRM v2.0 XML With CoC option was enabled or disabled. Date Gap - Specifies if Date Gap option was enabled or disabled. Compressed Zip File Flag - Specifies if Compressed Zip option was enabled or disabled. Search Criteria - The search criteria defined to filter the exported documents.
Collect & Apply Holds	Specifies the document count that on which the Collect & Apply Holds action was performed along with the case name details.
Log In Failure	Displays log in failures confronted by individual users along with the following details: IP Address Reason Browser Type Operating System
Session Timeout	Displays session timeout details of individual users along with the time-stamp.
Create	Displays all activities that were created within Enterprise Archive, such as: Create - Export Location Create - Notification Template Create - User Create- API Client Create - Queues Create - Polices Create - List Library Create - Saved Search Create - Retention Policy Create - Role and so on. Details of each configuration values set or fields added are also displayed below each respective activities.
Update	Displays all activities that were updated within Enterprise Archive, such as: Updated - User Updated - Disclaimer Updated - Email Template Updated - Role Updated - Case and so on. Details of each configuration values or fields modified are also displayed under New Value column below each respective activities.
Search	Details of search performed across Enterprise Archive are displayed along with actions taken on the documents. Additional details such as: Case Details - Name of the case along with details of where the search action was performed within the application, such as Case Management Collect search or Case Management Review search. Queue Details - Name of the review queue along with details of where the search action was performed within the application, such as Supervision Review search or Supervision Archive search. No. of documents - Number of document fetched as search results. Search Duration - Time take for the search to fetch documents. Search Criteria - Criteria used to perform the search. TimeZone - Timezone details configured in the application. Actions - Actions taken on documents such as Collect, Hold, Unhold, Assign, Escalate, and so on.
Apply Tag/Notes	Specifies the document count that on where Tags was applied along with the case name details. Additionally, Notes specified are also fetched for each document.
Import	Displays the name of the .csv file used to import participants into Enterprise Archive.
Collect Items	Specifies the document count that on which the Collect action was performed along with the case name details.
UnCollect	Specifies the document count that on which the Uncollect action was performed along with the case name details.
Bulk Update	Displays bulk update operations performed in Supervision Queue along with the following details: Bulk Edit Action - Specifies the Supervision action performed at a bulk, such as Add, Disable, and so on. Policy Name - Specifies the name of the policy in the Supervision Queue. Number of Queues Updated - Specifies the number of queues updated.

Note

If any of the operations are performed using API, the following details are displayed in the User Activity Logs page:

Request Headers
Request Time
RequestURI
Request Method
Response Code
Response Time
Response Headers