Audit Log Viewer (Server)
The audit log viewer allows you to view the audit log stored on DeviceLock Enterprise Server.
DeviceLock Enterprise Server stores audit records received from a remote computer if
DeviceLock Log is selected in the
Audit log type parameter in
Service Options on that computer. Otherwise, audit records are stored in the local Windows event logging subsystem of the remote computer, and can be viewed using the service’s audit log viewer (see
Audit Log Viewer (Service)).
There is not much difference between the service audit log viewer and the server audit log viewer, so first read the
Audit Log Viewer (Service) section of this manual.
Compared with the service’s audit log viewer, the server’s viewer has the following additional columns:
•Computer - The name of the computer on which this event was logged by DeviceLock Service.
•Event - The ID number of the event.
•Received Date/Time - The date and time when DeviceLock Enterprise Server received this event from DeviceLock Service.
•Server - The name of the computer running DeviceLock Enterprise Server that received this event from DeviceLock Service.
•Consolidated Date/Time - The date and time that this event was last received from the remote server during log consolidation (see
Consolidating Logs).
•Consolidation Server - The name of the remote server from which this event was last received during log consolidation (see
Consolidating Logs).
The Reason, Name and Information columns may display additional information about the device, enclosed in brackets. The console retrieves that information from the Description field of the USB Devices database. If no data can be found in the Description field for a given device, the additional information indicates the device’s PID, VID, and serial number or system identifier.