Job Management Partner 1/Software Distribution Administrator's Guide Volume 1
![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
You can use the operation flow to check how a user used a file. Also, if a user copied a file to a different device on the network or deleted a file, you can trace the details of such an operation.
User operations can be traced from the search results in the Operation Log List window or the File Operation Trace window that is displayed by clicking the anchor of the file name in the Operation Log Total - Logs List window.
The File Operation Trace window is shown in the following figure.
Figure 6-36 File Operation Trace window
![[Figure]](FIGURE/ZU084040.GIF)
A single operation log is displayed as a single node (![[Figure]](FIGURE/ZU084045.GIF)
).
The node (base node) for the selected operation log is displayed in a heavy frame. Other nodes are for continuous operations from the base node.
A node that is likely to indicate an invalid operation, such as printing a file or copying to media, is indicated by a distinctive color. Operations that are performed on the same date and at the same time, as well as copy operations, are indicated by branching. Note that nodes for operations performed on the same date and at the same time may include other logs. The icons and node display items are explained below.
![[Figure]](FIGURE/ZU084050.GIF)
: Back trace icon- Displays operations prior to the corresponding node. This allows you to see operations that were performed on a file prior to the operation indicated in a displayed node. You can use Hierarchy levels to display when tracing in the Asset Information Manager Subset's Server Setup dialog box to set the number of levels that are to be displayed at the same time when the back trace icon is selected.
![[Figure]](FIGURE/ZU084060.GIF)
: Forward trace icon- Displays operations subsequent to the corresponding node. This allows you to see operations that were performed on a file subsequent to the operation indicated in a displayed node. You can use Hierarchy levels to display when tracing in the Asset Information Manager Subset's Server Setup dialog box to set the number of levels that are to be displayed at the same time when the forward trace icon is selected.
![[Figure]](FIGURE/ZU084070.GIF)
: Operation log details icon- Displays the Operation Log Details dialog box for the node. This dialog box shows the operation log for the preceding and following five minutes. You can use the file name anchor for the displayed operation log to trace other operations.
![[Figure]](FIGURE/ZU084092.GIF)
: Retrace icon- Displays the File Operation Trace window, which uses the node as the base node and can also be used to trace other operations.
![[Figure]](FIGURE/ZU084080.GIF)
: Network icon- Displays a list of devices on the network, which may have been used to operate the node's file. You can use the list of devices to display a File Operation Trace window for other listed devices, so that you can then perform additional trace operations. For details about how to trace the operation of other devices, see (2) Tracing the operation of other devices.
![[Figure]](FIGURE/ZU084090.GIF)
: Close icon- Closes the node. To redisplay a node you have closed, click the back trace icon or forward trace icon of the node immediately before branching.
- Date/time
- Displays the date and time at which operation of the node was executed.
- Type
- Displays the node's type. The type displayed for a node corresponds to the type of operation log collected by each linked product. Note that except for the base node, different names are displayed for the node types. For details about the respective correspondences, see (3) Correspondence between node type and operation log type.
- In the case of a Copied, Moved, or Renamed node, the nodes before and after the operation are displayed. When you trace a past operation, the node for the file before the operation is displayed. When you trace a subsequent operation, the node for the file following the operation is displayed.
- Drive type
- Displayed when Network, Removable, or CD ROM is being operated. When you click a file name, the drive type is displayed even when Local, RAM Disk, or Other media is being operated.
- User name
- The user name used by the user to log onto Windows. This item is displayed only when you click a file name to display details.
- Host name
- The host name of the node. This item is displayed only when you click a file name to display details.
- File name
- Displays details such as the node type, the user name used to log in to Windows, and the file's full path.
Placing the mouse cursor on a node pops up a menu from which you can browse the date/time and the file's full path.
The following nodes are displayed in color (the node type is indicated in parentheses):
- Node prior to the base node on which a file deletion operation occurred (Deleted)
- Node prior to the base node on which a file copy, file move, or file renaming operation occurred (Copied, Moved, or Renamed)
If there is a Network, Removable, or CD ROM operation subsequent to a node, it is displayed in color.
- Node subsequent to the base node on which a file creation operation occurred (Created)
- Node subsequent to the base node on which a Network, Removable, or CD ROM operation occurred
To print a trace image displayed in the File Operation Trace window, choose from the menu bar File and then Print. You can also specify the window size.
- Notes
- Even for the same operation nodes, whether the domain name is included in the host name depends on the product used to collect the operation logs.
- For a Copied, Moved, or Renamed node, the file name after the change may not be displayed. In this case, trace the node displaying the file name that was branched and changed.
- A Moved or Renamed node is not displayed if the only modification was to change the case of the file name (from upper to lower case and vice versa).
- If there is a Copied operation log for the same date and time as an Opened, Created, or Deleted operation log, and you attempt to trace back based on the Opened, Created, or Deleted operation, the Copied node is not displayed. In this case, if you trace the operation based on the Copied operation, other operation nodes are displayed and you can trace them.
- If the client's OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista, and a folder was overwritten as a result of folder renaming, the operation log of file moves output by this operation cannot be traced.
- The operation log acquired from a client whose OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista may not be traced if a file or folder name in the operation log for Copied or Moved contains (n)(n: any number).
Nodes displayed in the File Operation Trace window are based on operation logs stored in the JP1/Software Distribution database. For this reason, nodes that correspond to operation logs stored in a backup file are not displayed.
- Organization of this subsection
- (1) Trace operation for a device
- (2) Tracing the operation of other devices
- (3) Correspondence between node type and operation log type
(1) Trace operation for a device
The File Operation Trace window shows the operation flow for a device.
This section gives the following example of an invalid operation: a file containing confidential information is removed by changing its file name from employeelist.xls to explanatorynote.xls so that it no longer appears to be confidential information. The File Operation Trace window in this case is shown in the following figure.
Figure 6-37 File Operation Trace window (example of removing a confidential file)
![[Figure]](FIGURE/ZU022500.GIF)
The following explains the operations that can be checked at each node. The numbered items 1 to 5 in the figure correspond to the numbers in the following explanation.
- employeelist.xls is copied from the file server to a desktop.
This node is the base node. You can check the file name before and after copying.
- The file name is changed from employeelist.xls to explanatorynote.xls.
You can check the file name after it has been changed. You can confirm that the file name was changed from employeelist.xls to explanatorynote.xls.
- explanatorynote.xls is copied to USB memory.
You can confirm that the file on the desktop is copied to USB memory.
- explanatorynote.xls on the desktop is opened.
You can trace the operation on the copy source file. With this node, you can confirm that the file on the desktop was opened.
- explanatorynote.xls on the desktop was deleted.
You can confirm that the copy source file on the desktop is deleted.
If it is possible that the subject file was operated from another device, you can trace the operation using the network icon. For details about how to trace the operation of other devices, see (2) Tracing the operation of other devices.
(2) Tracing the operation of other devices
Clicking the network icon in the File Operation Trace window displays a list of devices that could have been used to operate the file.
From the list of devices, clicking the anchor of the file name of the device you want to trace displays the File Operation Trace window for the device on which you can trace operations.
When you want to trace the operation of other devices in the network, specify an appropriate time range using Settings for trace time range in the Server Setup window.
The flow for displaying the File Operation Trace window in order to trace operations performed by other devices in the network is shown in the following figure.
Figure 6-38 Flow for displaying the File Operation Trace window
![[Figure]](FIGURE/ZU084091.GIF)
The node displayed at the left of the base node is the original node.
(3) Correspondence between node type and operation log type
The table below shows the correspondence between the type displayed for each node and the type of operation log. The type of operation log of each product can be browsed using the detailed information about each node.
Table 6-7 Correspondence between node type and operation log type
| Node type |
Type of operation log of each product |
| Copied |
File copy |
| Moved |
File moving |
| Renamed |
File renaming |
| Deleted |
File deletion |
| Created |
File creation |
| Opened |
File opening |
| Moved |
Folder renaming |
All Rights Reserved. Copyright (C) 2009, 2013, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.