DeviceLock Enterprise Server : Using Log Viewers : Audit Log Viewer (Server)
  
Audit Log Viewer (Server)
The audit log viewer allows you to view the audit log stored on DeviceLock Enterprise Server.
DeviceLock Enterprise Server stores audit records received from a remote computer if DeviceLock Log is selected in the Audit log type parameter in Service Options on that computer. Otherwise, audit records are stored in the local Windows event logging subsystem of the remote computer, and can be viewed using the service’s audit log viewer (see Audit Log Viewer (Service)).
There is not much difference between the service audit log viewer and the server audit log viewer, so first read the Audit Log Viewer (Service) section of this manual.
Compared with the service’s audit log viewer, the server’s viewer has the following additional columns:
Computer - The name of the computer on which this event was logged by DeviceLock Service.
Event - The ID number of the event.
Received Date/Time - The date and time when DeviceLock Enterprise Server received this event from DeviceLock Service.
Server - The name of the computer running DeviceLock Enterprise Server that received this event from DeviceLock Service.
Consolidated Date/Time - The date and time that this event was last received from the remote server during log consolidation (see Consolidating Logs).
Consolidation Server - The name of the remote server from which this event was last received during log consolidation (see Consolidating Logs).
The Reason, Name and Information columns may display additional information about the device, enclosed in brackets. The console retrieves that information from the Description field of the USB Devices database. If no data can be found in the Description field for a given device, the additional information indicates the device’s PID, VID, and serial number or system identifier.