Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
Viewing audit logs for files and folders
Note:
By default, Data Insight displays the activity logs for a selected file or folder for the last six months from the current date.
To view audit logs for files and folders
- From the Workspace navigate to the Data Sources list-view.
- Expand a data source to display a list of configured shares, site collections, or equivalent. Or expand a share or site collection to view the folders, sites, document libraries, or picture libraries present within the share or the site collection.
- Click a folder. The Summary panel populates to display additional details.
- Click Expand Profile on the Summary panel to display the underlying folder-centric views.
By default, the Overview tab displays the a summary of the selected data repository.
- Click Audit Logs. Or, right-click the file or folder and select Audit Logs.
- Apply the time filter for which you want to view the user activity on a specific file or folder.
- Select Include sub-folders, if you want to view activity logs for the subfolders that are contained in the selected folder.
- Click Go.
The Activity Pattern Map appears, which provides details about the users who have accessed that file or folder and the count of read and write user events on it. The option Include events on files before rename includes all events, including those before the Rename audit event was received for the file.
- The audit logs provide the following information:
The name of the user who generated the event.
In case of an Permission Change event, Data Insight displays the name of a fictitious user. You can view the details of the event in the Other Info column, however the name of the user is displayed as _DI_PERMCHG_DUMMY_USER_.
See About audit logs.
The name of the file that is accessed.
The path of the file.
The type of access event.
In case of a folder on a SharePoint site, the SharePoint access type such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Create, Delete, and Rename.
Permission Change events are represented by the access type - PERMCHANGE.
The type of file
The access count
The IP address of the computer from which the file was accessed.
Currently, you cannot view the IP address of the computer from which the file was accessed for Windows File Servers, VxFS filers, and SharePoint sites.
In case of an Permission Change event, the IP address is displayed as 0.0.0.0.
The start and end time for the time window in which the event occurred.
- Click the Export icon at the bottom of the page to save the data to a
.csv
file. - Click the drop-down arrow on any column header and select Columns. Then, select the parameters you want to show or hide in the Access Pattern table.
To filter the audit logs
- To further filter the logs, do one of the following:
Select adjacent cells in the Access Pattern Map, right-click, and select View Audit Logs.
To view all accesses for the day, click on the column header of the Access Pattern Map.
To view all accesses of a user, click on the row header of that user.
You can control-click to select multiple adjacent cells in the Access Pattern Map.
- You can choose to filter the audit logs further using one or all of the following criteria:
The period for which you want to view the audit logs.
The start and the end date for which you want to view events.
The type of access.
Data Insight maps all SharePoint access types such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Create, Delete, and Rename.
You can enter multiple comma-separated values.
- Enter the filter criteria in the relevant fields and click Go.
More Information