How to create an Audit Trail

[ScottyB123]

Does anyone know how to create some kind of audit trail/report/log that basically keeps track of the following event.
A user connects to the Intelligence server from machine xyz (either by IP or machine name) at 22:05 April 14 and performs the following action, deletes all projects from the I-server.
Does anyone know where such information might be logged?
I don't believe Enterprise Manager is the answer.
Just curious from a security point of view, who/how do you keep an eye on the administrators?

 

[nlim]

I'm not the exact example you gave is in there, but actually there's a bewildering array of diagnostic logs that you can enable. I think the number is in the hundreds. Many can be traced at different levels.

If you go to program files>MSTR>Tools>Diagnostic log viewer, you can open up and set what you want. My suggestion is to have them all go to the same log file so you can see the sequential order.

 

[entaroadun]

A user with administrative access can disable logging before performing a malicious act. Don't know if the administrator can clear the log from within MSTR, though. If not, then you at least get the last few entries in the log, which should include the connection by the administrator. This log should be protected by NT...

Port monitoring on your app server may be your best bet.

 

[ScottyB123]

Thanks for the log viewer suggestion, I've been playing with it, and I don't think it does what I want. It appears to be more of a debugging/diagnostic tool, displays Proc Id's and Threads, but nothing very meaning full. Perhaps port monitoring on the app server is the best route to go. I'm going to keep digging.

Thanks all.