This article provides complete information which will help you understating and auditing the log reports available in the Connect Portal.
The generated log report will contain the following details (columns):
Report column |
Description |
Source |
The module generating the log event. Currently, the possible values are portal and HOST . |
Session |
|
User Id |
|
User Name |
|
Account Id |
The internal ID of the account that the logged in Portal user belongs to. |
Entity Type |
The type of the entity involved in the current log event. For the complete list of entity types, please refer to the next section of this article. |
Action |
The action executed by the entity. For the complete list of actions each entity can perform, please refer to the next section of this article. |
Entity Id |
The internal ID of the entity involved in the current log event. |
Entity Name |
The name of the entity involved in the current log event. |
Result Code |
Indicates whether the action performed by the entity was successful or not. Normally, 0 means that the action has been successful, anything greater than 0 means that an error has occurred. |
Data |
Contains different data based on the action performed by the entity, as follows:
|
Action timestamp |
The Linux timestamp of the current log event. |
Action date |
The UTC date and time of the current log event. |
Environment |
The environment generating the log event. Currently, the only possible value is live . |
Below is the complete list of actions that can be performed on the Portal entity types and the description of the events logged in the audit trails.
Note: The Host events will be logged in the Portal only when a Connect Portal profile exists on the Host, is active (connected to the Portal), and Portal Logging is enabled for the account the Host belongs to.
In case the Portal profile goes temporarily offline (after having been connected before), events will be retained by the Host until the Portal profile goes back online, or until the Host is closed. When the Portal profile goes back online, if logging is still enabled in the Portal for the Host's account, all retained events will be logged. If logging has meanwhile been disabled for the account, or the Host is closed before the Portal profile re-establishes the connection, all retained events will be discarded.
In case no Portal profile is defined or active, no events will be logged.
Entity Type |
Action |
Event Description |
ACCOUNT |
CREATE |
An event is logged when the superadmin creates an account. It is the first event logged for any account. |
UPDATE |
An event is logged in one of the following situations:
|
|
ACCOUNT_AUTH_METHOD |
CREATE |
An event is logged when a new authentication method is created. |
UPDATE |
An event is logged when an existing authentication method has been updated. |
|
DELETE |
An event is logged when an existing authentication method has been deleted. |
|
BROWSE_GROUPS |
An event is logged when a user browse for LDAP User Groups in the Portal. |
|
DEVICE |
CREATE |
An event is logged when a device is created in the Portal through the enrollment process available with the Impero Host version 12.65 or above or when registering previous versions of the Impero Host. |
UPDATE |
An event is logged in one of the following situations:
|
|
ATTACH_TO_GROUP |
An event is logged when a device is attached to a Device Group. |
|
DETACH_FROM_GROUP |
An event is logged when a device is removed from a Device Group. |
|
DELETE |
An event is logged when a Portal user deletes the device. |
|
REVOKE |
An event is logged when a deployment package is revoked from the Portal and subsequently revokes all its associated devices. |
|
CONNECT |
An event is logged when the Portal user connects to the device via the Browser-based Support Console. |
|
AUTHORIZE |
An event is logged when a device requests and receives the list of permissions for a specific user requesting access. |
|
REGISTER |
An event is logged when a Impero Host changes its status (online/offline), having an earlier version than 12.65. |
|
ENROLL |
An event is logged when a Host enrolls to the Portal. |
|
RE_ENROLL |
An event is logged when a Host reenrolls to the Portal following a conflict (e.g., the Host or its machine was cloned). For information on device identity conflicts and workarounds, see this article. |
|
GET_ACCESS |
An event is logged whenever a Host tries to authorize itself for accessing the Portal. |
|
UPGRADE |
An event is logged when a Impero Host having an earlier version than 12.65 first tries to authenticate into the Portal and is migrated from a user/password configuration to an enrollment key configuration. |
|
DEVICE_CONFLICTS |
CREATE |
The event is logged after a Impero Host starts and detects a conflict with another online Host. For information on device identity conflicts and workarounds, see this article |
UPDATE |
An event is logged as part of the conflict solving process from the conflicting Impero Host. For information on device identity conflicts and workarounds, see this article. |
|
DEPLOYMENT_PACKAGE |
CREATE |
An event is logged when a deployment package is created in the Portal. |
UPDATE |
An event is logged in one of the following situations:
|
|
DELETE |
An event is logged when a deployment package is deleted from the Portal. |
|
REVOKE |
An event is logged when a deployment package is revoked in the Portal. |
|
GET_DOWNLOAD_URL |
An event is logged when a user initiates the download of the Host online installer from the Portal. |
|
GET_PUBLIC_DOWNLOAD_URL |
An event is logged when a user initiates the download of the online installer following an email received with the link from the Portal. |
|
UPLOAD_MSI |
An event is logged when a user successfully uploads an MSI file for a specific deployment package in the Portal. |
|
UPLOAD_MST |
An event is logged when a user successfully uploads an MST file for a specific deployment package in the Portal. |
|
DOWNLOAD_EXE |
An event is logged when a user successfully downloads the online installer from the Portal. |
|
PUBLIC_DOWNLOAD_EXE |
An event is logged when a user successfully downloads the online installer following an email received with the link from the Portal. |
|
DOWNLOAD_MSI |
An event is logged when the online installer successfully downloads the needed MSI file from the Portal. |
|
DOWNLOAD_MST |
An event is logged when the online installer successfully downloads the needed MST file from the Portal. |
|
USER_GROUP |
CREATE |
An event is logged when a user creates a User Group in the Portal. |
UPDATE |
An event is logged when a user updates a User Group in the Portal. |
|
DELETE |
An event is logged when a user deletes a User Group in the Portal. |
|
DEVICE_GROUP
|
CREATE |
An event is logged when a user creates a Device Group in the Portal. |
UPDATE |
An event is logged when a user updates a Device Group in the Portal. |
|
DELETE |
An event is logged when a user deletes a Device Group in the Portal. |
|
GUEST |
GET_DOWNLOAD_URL |
An event is logged when a user initiates the download of the Guest online installer from the Portal. |
LDAP_GROUP |
CREATE |
An event is logged when a user creates a LDAP User Group in the Portal. |
UPDATE | An event is logged when a user updates a LDAP User Group in the Portal. | |
DELETE | An event is logged when a user deletes a LDAP User Group from the Portal. | |
LOG_REPORT |
CREATE |
An event is logged when a user starts generating a log report. Usually, this log event is followed by an UPDATE event, when the log report is successfully generated. |
UPDATE |
An event is logged when a log report is updated; usually, this happens when the log report is generated successfully. |
|
DELETE |
An event is logged when a user deletes a log report in the Portal. |
|
APPLICATION |
CREATE |
An event is logged when a user creates an Application in the Portal. |
UPDATE |
An event is logged when a user updates an Application in the Portal. |
|
DELETE |
An event is logged when a user deletes an Application in the Portal. |
|
ROLE_ASSIGNMENT |
CREATE |
An event is logged when a user creates a Role Assignment in the Portal. |
UPDATE |
An event is logged when a user updates a Role Assignment in the Portal. |
|
DELETE |
An event is logged when a user deletes a Role Assignment in the Portal. |
|
USER |
CREATE |
An event is logged when a user creates another User in the Portal. |
UPDATE |
An event is logged when a user updates a User in the Portal |
|
DELETE |
An event is logged when a user deletes another User in the Portal. |
|
UPSERT |
An event is logged when a user logs in the Portal via ADFS and the user is created/updated. |
|
START_RESET_PASSWORD |
An event is logged when a user initiates the reset password mechanism in the Portal, by providing their email. |
|
RESET_PASSWORD |
An event is logged when a user resets the password using the instructions received by email. |
|
CANCEL_RESET_PASSWORD |
An event is logged when a user cancels a previous reset password request. |
|
ATTACH_TO_GROUP |
An event is logged when a user is added to a specific User Group by clicking the Attach to Group button. |
|
DETACH_FROM_GROUP |
An event is logged when a user is removed from a User Group. |
|
GENERATE_MFA_OTC |
An event is logged when a user generates one-time Multi-Factor Authentication codes to be used for login. |
|
VERIFY_EMAIL |
An event is logged when a user validates his/her email after the creation of a trial account. |
|
LOGIN |
An event is logged when a user attempts to log into the Portal. |
|
MFA_EMAIL_LOGIN |
An event is logged when a user authenticates in the Portal with a Multi-Factor token received by email. |
|
MFA_OTC_LOGIN |
An event is logged when a user authenticates in the Portal with a one-time Multi-Factor Authentication code previously generated in the Portal. |
|
LOGOUT |
An event is logged when a user logs out from the Portal. |
|
DEVICE |
PORTAL_CONNECTION_STARTED |
An event is logged when a Portal profile is initialized and the Host successfully connects to the Portal. The following Host parameters are logged in the event log:
|
PORTAL_CONNECTION_STOPPED |
An event is logged when a Portal connection (profile) is stopped. The following Host parameters are logged in the event log:
|
|
NRC_SESSION_STARTED |
An event is logged when a remote session is started. The following parameters are logged in the event log: For the Host:
For the Guest:
|
|
NRC_SESSION_STOPPED |
An event is logged when a remote session is stopped. |
|
REMOTECTRL_SESSION_STARTED |
An event is logged when a remote control session is started. |
|
REMOTECTRL_SESSION_STOPPED |
An event is logged when a remote control session is stopped. |
|
FILETRANSFER_SESSION_STARTED |
An event is logged when a file transfer session is started. |
|
FILETRANSFER_SESSION_STOPPED |
An event is logged when a file transfer session is stopped. |
|
CHAT_SESSION_STARTED |
An event is logged when a chat session is started. |
|
CHAT_SESSION_STOPPED |
An event is logged when a chat session is stopped. |
|
AUDIO_TRANSFER_STARTED |
An event is logged when audio is started during a remote session. |
|
AUDIO_TRANSFER_STOPPED |
An event is logged when audio is stopped during a remote session. |
|
KBDMOUSE_TRANSFER_STARTED |
An event is logged when, while in a remote control session, the technician takes over the keyboard and mouse control of the remote-controlled device. |
|
KBDMOUSE_TRANSFER_STOPPED |
An event is logged when, while in a remote control session, the technician's control over the keyboard and mouse of the remote-controlled device is stopped. |
|
REMOTEMGMT_SESSION_STARTED |
An event is logged when a remote management session is started. |
|
REMOTEMGMT_SESSION_STOPPED |
An event is logged when a remote management session is stopped. |
|
FILE_SENT |
An event is logged when, while in a file transfer session, a file is sent from the Host to the Guest. The following parameter is logged in the event log: file_name (the path and name of the sent file). |
|
FILE_RECEIVED |
An event is logged when, while in a file transfer session, a file is received by the Host. The following parameter is logged in the event log: file_name (the path and name of the received file). |
|
RUN_PROGRAM |
An event is logged when a program is run on the Host. The following parameter is logged in the event log: file_name (the name of the program or command that was ran). |
|
EXECUTE_COMMAND |
An event is logged when a command is executed on a remote-accessed device. The following parameter is logged in the event log: file_name (the name of the executed command). |
|
INVENTORY_SENT |
An event is logged when a Host inventory is sent to the Guest. |
|
MESSAGE_RECEIVED |
An event is logged when a message is received by a Host. |
|
CLIPBOARD_SENT |
An event is logged when, while in a remote-control session, the Host computer clipboard content is sent to the Guest computer clipboard. |
|
CLIPBOARD_RECEIVED |
An event is logged when, while in a remote-control session, the Guest computer clipboard content is retrieved by the Host computer clipboard. |
|
KEYBOARD_LOCKED |
An event is logged when, while in a remote-control session, the keyboard of the Host computer is locked. Note : The session ID is not available on this event. |
|
KEYBOARD_UNLOCKED |
An event is logged when, while in a remote-control session, the keyboard of the Host computer is unlocked. Note : The session ID is not available on this event. |
|
SCREEN_BLANKED |
An event is logged when, while in a remote-control session, the Host screen is blanked. |
|
SCREEN_UNBLANKED |
An event is logged when, while in a remote-control session, the Host screen is unblanked. |
|
HELP_REQUEST_SENT |
An event is logged when a help request is sent. The following parameters are logged in the event log:
|
|
HELP_REQUEST_CANCELLED |
An event is logged when a help request is cancelled. |
|
GATEWAY_LOGIN |
An event is logged when a connection is made through a Gateway that requires authentication. The following Gateway parameters are logged in the event log:
The result code can be one of the following:
|
|
GUEST_ACCESS_METHOD_CHANGED |
An event is logged when the Guest Access method defined on the Host is changed. The following parameters are logged in the event log:
|
|
LOGIN_FAILED |
An event is logged when the Guest fails to authenticate to the Host. The following Guest parameters are logged in the event log:
|
|
CONFIRM_ACCESS_GRANTED |
An event is logged when the Host confirms access for the Guest. |
|
CONFIRM_ACCESS_DENIED |
An event is logged when the Host denies Guest access. |
|
ILLEGAL_PASSWORD_LIMIT_REACHED |
An event is logged when, while authenticating to the Host, the Guest exceeds the maximum limit of password entries. |
|
TIMEOUT_LIMIT_EXCEEDED_AUTHENTICATION |
An event is logged when, while the Guest is authenticating to the Host, the authentication timeout limit is exceeded. |
|
TIMEOUT_LIMIT_EXCEEDED_CONFIRM_ACCESS |
An event is logged when the Confirm access on the Host has exceeded the timeout limit. |
|
TIMEOUT_LIMIT_EXCEEDED_INACTIVITY |
An event is logged when the remote session inactivity has exceeded the timeout limit. |
|
WEB_UPDATE_DOWNLOAD |
An event is logged when a web update is downloaded. The following parameters are logged in the event log:
|
|
WEB_UPDATE_INSTALL |
An event is logged when a web update is installed. |
|
WEB_UPDATE_FAILED |
An event is logged when a web update installation failed. The following parameters are logged in the event log:
|
|
WEB_UPDATE_CHECK |
An event is logged when a web update is checked. The following parameters are logged in the event log:
|
Comments
0 comments
Please sign in to leave a comment.