This subsection explains the information that is collected in the software operation log and suppression log.

(a) Information collected in a software operation log

Information collected in a software operation log differs depending on the event that occurs. The following information is collected. For details about the information that is collected, see 6.5.3 Items displayed in an operation log in the manual Administrator's Guide Volume 1.

Table 2-20 Information collected in a software operation log

Event	Time	Type	Logon user	Window title	Program name	File version	Account
Start process	Y	Y	Y	--	Y	Y	Y
Stop process	Y	Y	Y	--	Y	Y	Y
Change caption	Y	Y	Y	Y	Y	Y	Y
Change active window	Y	Y	Y	Y	Y	Y	Y
Start/Stop of machine	Y	Y	--	--	--	--	--
Logons/Logoffs	Y	Y	Y	--	--	--	--

Legend:

Y: Collected.

--: Not collected.

(b) Information collected in the software startup suppression log

The types of data listed below are collected in the software startup suppression log. For details about the information that is collected, see 6.5.1 Viewing software startup suppression logs in the manual Administrator's Guide Volume 1.

• Date and time
• Program name
• File version
• File language
• Software name
• Product version
• Account
• Logon user

The following Web access log information is collected:

• Execution date/time
  Date/time when a Web access was executed
  
• Type
  Web access
  
• Title
  Title of the accessed Web page
  
• URL
  URL of the accessed Web page
  
• Logon user
  User who logged onto Windows
  

Notes on collecting a Web access log

• A Web access log may result in a massive volume of data. Therefore, set up filtering conditions so that the history of Web pages that are frequently used in business is not collected.
• Information about images on Web pages cannot be collected.
• When a Web access is made from an inline frame, it might not be possible to collect the access destination information.
• If multiple Web accesses are made within 1 second, it might not be possible to collect a Web access log.
• If multiple copies of Microsoft Internet Explorer start concurrently, it might not be possible to collect a Web access log.
• If Microsoft Internet Explorer is started immediately after either logon to Windows or the application of an operation monitoring policy, it might not be possible to collect a Web access log.
• If a Web page or file that is divided into frames is accessed, log data is collected for each frame (with the total number of log entries equaling the number of Web accesses generated to configure the page). In this case, the title and URL of the main window are used as the log title and URL, respectively.
• A Web access log is also collected when files and folders are opened with Microsoft Internet Explorer.
• A Web access log might be collected even when a Web access attempt ends in a connection error due to factors such as a communication error or non-existent URL.

The information collected in the print operation and print suppression logs varies depending on the events that occur. The following table shows the information collected in the print operation and print suppression logs.

Table 2-21 Information collected in the print operation and print suppression logs

Event	Execution date/time	Type	Document name	Logon user	Name of the printer used	Result
Print	Y	Y	Y	Y	Y	--
Print suppression	Y	Y	Y	Y	Y	--
Print suppression released	Y	Y	--	Y	--	Y

Legend:

Y: Collected.

--: Not collected.

• Execution date/time
  Date and time when printing, print suppression, and print suppression release were performed
  
• Type
  Printed, Printing suppression, or Print suppression released
  
• Document name
  Name of the document that was printed or whose printing was suppressed
  
• Logon user
  User who logged onto Windows
  For a virtual environment, the logon user will vary depending on the event and the number of logon users.
  
  • Printing and print suppression events
    If there is only one logon user, the name of the user who performed printing is collected.
    If two or more users used a local printer, the names of the users who performed printing are collected. If a user starts software from a user account that is different from that of the logon user and performs printing, the name of the user who performed printing is collected.
    If a network printer is used, Network Printer is displayed.
    
  • Print suppression released event
    The name of the user who released print suppression is collected.
    
• Name of the printer used
  Name of the printer used for print operations. This is the printer name that is set up by the PC that executes printing. Therefore, if a user has changed this name, it might be different from the printer product name.
  
• Result
  Success or failure
  Note that a print suppression log is acquired when a print operation is suppressed. For the printer types for which print operations can be suppressed, see 2.5.4(2) Printer types for which printing can be suppressed. The following table shows the printer types from which print operation logs can be acquired.
  

  Table 2-22 Printer types from which print operation logs can be acquired

  Printer type	Port used	Print operation log acquisition
  Local printer	LPT port	Y
  	Local port	Y
  	USB port	Y
  	File port	Y
  	TCP/IP port	Y
  	LAN Manager port	N
  Shared network printer or printer connected to another PC	N/A	Y
  Internet printer	N/A	N
  Virtual printer	N/A	Y

  Legend:

  Y: Can be used

  N: Cannot be used

  N/A: Not applicable

  
  

Prerequisites for shared network printers

• If there is a client whose OS is Windows Vista or later, or a client on which File and Printer Sharing for Microsoft Networks is not installed
  
  • When you create an operation monitoring policy, you must configure the settings for collecting print operation logs and suppressing print operations. For details about configuring the settings for collecting print operation logs and suppressing print operations, see 6.2.9 Setup for collecting print logs and for suppressing print operations in the manual Administrator's Guide Volume 1.
  • To acquire a print operation log, WMI must be active on the client PC.
  • If you use single-byte characters to specify the name of a shared network printer, the number of characters must not exceed 199. If the printer name contains double-byte characters, you can specify 200 or more characters.
• If no client's OS is Windows Vista or later, and all clients have File and Printer Sharing for Microsoft Networks installed
  
  • When you create an operation monitoring policy, check the settings for collecting print operation logs and suppressing print operations. For details about the settings for collecting print operation logs and suppressing print operations, see 6.2.9 Setup for collecting print logs and for suppressing print operations in the manual Administrator's Guide Volume 1.
  • To acquire a print operation log, the printer server uses RPC to communicate with the client PC. If RPC communication is not possible, the problem might be caused by one of the following:
    The printer server's OS is Windows 95, Windows 98, or Windows Me.
    The printer server's OS is not Windows.
    The printer server is a printer based on the Internet Printing Protocol (IPP).
    A firewall or proxy is present between the printer server and the client PC.
    The client PC is controlled by NAT.
    The printer server cannot resolve the name of the client PC.
    The client PC's Windows firewall is enabled and File and Printer Sharing is not set to Exceptions.
    

Notes on collecting print operation and print suppression logs

• In the following cases, printing is not performed, but print operation and print suppression logs might be collected:
  
  • If Windows does not recognize a print operation as a print job
  • When a test print is performed during printer installation
  • If printing is performed before the software operation status monitoring facility is activated
  • If printing is cancelled immediately following print execution
• When a print job is in the print queue of a shared network printer
• If an operation monitoring policy for suppressing print operations is applied, that print job is suppressed and a print operation suppression log might be collected in some cases.
• If a print job is completed before the print operation is reported to the managing server
  The print operation log cannot be collected.
  
• If a print job is cancelled before the print operation is reported to the managing server
  The print operation log cannot be collected.
  
• When Hide extensions for known file types is enabled in the Windows folder options
  No extension is displayed in document names. This is the same as the content displayed in the window that displays the print queue in Windows.
  
• If a single print operation is processed as multiple print jobs
  Multiple print operation logs are collected.
  
• If printing is performed in a specific application
  An application name, instead of a document name, might be displayed in some cases. This is the same as the content displayed in the window that displays the print queue in Windows.
  
• If the printer server is suppressing printing in an environment in which a shared network printer is used
  Printing cannot be performed even if print suppression is released at the client PC, but a print job log is collected at the client PC.
  
• If a shared network printer is used, and there is a client whose OS is Windows Vista or later or a client on which File and Printer Sharing for Microsoft Networks is not installed:
  When you create an operation monitoring policy, you must configure the settings for collecting print operation logs and suppressing print operations. For details about configuring the settings for collecting print operation logs and suppressing print operations, see 6.2.9 Setup for collecting print logs and for suppressing print operations in the manual Administrator's Guide Volume 1.
  
  • If an operation monitoring policy is applied when a print job is in the print queue of a shared network printer, the print job might be reported and a print operation log might be collected in some cases.
• If no client's OS is Windows Vista or later, and all clients have File and Printer Sharing for Microsoft Networks installed
  
  • When you create an operation monitoring policy, check the settings for collecting print operation logs and suppressing print operations. For details about the settings for collecting print operation logs and suppressing print operations, see 6.2.9 Setup for collecting print logs and for suppressing print operations in the manual Administrator's Guide Volume 1.
• If multiple users who have logged onto a virtual environment simultaneously print a file having the same name from the same printer
  Only a single print operation log might be collected in some cases.
  
• If a user who has logged onto a virtual environment performs a print operation
  Depending on the operation timing, the same log might be collected more than once.
  

The following types of log data are collected for operations to or from external media:

• Operation date/time
  Date/time when external media was connected or disconnected
  
• Type
  Connected or Disconnected
  
• Logon user
  User who logged onto Windows
  For a virtual environment, the logon user will vary depending on whether there is a user who logged onto a console session.
  
  • When there is a user who logged onto a console session
    The logon user indicates the user who logged onto a console session.
    
  • When there is no user who logged onto a console session
    No logon user information is collected.
    
• External media type
  External media type (Local disk, Removable, CDROM, or Other (Collection failure))
  
• External media drive name
  Name of the drive to which external media was connected or from which it was disconnected
  

Notes on collecting log data for operations to or from external media

• If the client's OS is Windows 7, Windows Server 2008, or Windows Vista, log data cannot be collected for operations in a USB-connected CD/DVD drive or an internal CD/DVD drive.
• If the CD/DVD auto-playback function is disabled in the Windows settings, log data cannot be collected for operations in a USB-connected CD/DVD drive or an internal CD/DVD drive.
• If an external media device is removed from the client PC, the applicable drive is considered non-existent, and as a result Other (Collection failure) might be output as the external media type.
• Log data for operations to or from external media is output based on the information that is received from Windows. Therefore, if the following types of information are reported from Windows, the communicated information is output as log data for operations to or from external media:
  
  • When USB-connected media for which serial numbers are supported is connected to the client PC, the drive name (drive letter) that was used during the previous connection is assigned to the USB-connected media. In this case, even if an operation such as drive name duplication causes a connection failure, the drive name that was used during the previous connection is reported as log data.
  • If there is a connected device such as a multi-slot memory card, to which multiple drives are assigned when they are connected, Windows reports multiple items of connection log data for each drive. However, when the same device is disconnected (removed), Windows reports disconnection log data for a single drive only.
  • When external media is connected to a client PC for the first time, a single connection might cause Windows to report multiple items of connection and disconnection (removal) log data.
  • If the client's OS is Windows Me and a USB-connected CD/DVD drive is disconnected (removed), Windows might report multiple items of disconnection log data.
  • If the client's OS is Windows XP and a USB-connected CD/DVD drive is connected with a CD/DVD in the drive, Windows might report multiple items of log data.
  • If the client's OS is Windows NT 4.0, log data for operations to or from external media is not collected. However, operation log data for a CD/DVD drive might be reported in some cases.
• If the operation of USB-connected media is suppressed, a log might not be collected from the file operations inside the USB-connected media even if operation log collection is specified.

The information collected in the connection permission log and connection suppression log for USB-connected media varies depending on the event that occurs. The following table shows the information that is collected.

Table 2-23 Information collected in the connection permission log and connection suppression log for USB-connected media

Event	Type	Op D/T	Frndly name	ID: DD	ID: USB	Cond	User
USB media connection permission	Y	Y	Y	Y	Y	Y	Y
USB media connection suppression	Y	Y	Y	Y	Y	N	Y

Legend:

Op D/T: Operation date/time

Frndly name: Friendly name

ID: DD: Device instance name: CD/DVD drive

ID: USB: Device instance name: USB drive

Cond: Permission condition

User: Logon user

Y: Collected

N: Not collected

• Type
  Connection permission or Connection suppression
  
• Operation date/time
  The date/time on which an operation was performed on USB-connected media that is permitted or not permitted to be connected is collected in the following format:
  YYYYMMDDhhmmss
  
• Friendly name
  Friendly name of the USB-connected media
  
• Device instance ID-DD
  Device instance ID in the disk drive of the USB-connected media. This device instance ID is located under the device manager's disk drive.
  
• Device instance ID-USB
  Device instance ID in the USB controller of the USB-connected media. This device instance ID is located under the device manager's USB controller.
  
• Permission condition
  The permission condition for the USB-connected media specified in an operation monitoring policy is collected in the following format:
  Permission condition: type_match-condition_condition-string
  Each of the collected items is explained below.
  
  • The following table shows the information collected as type.
    

    Table 2-24 Information collected as "type"

    Type	Explanation
    DevID-DD	Device instance ID of the disk drive
    DevID-USB	Device instance ID of the USB controller
    FriendlyName	Friendly name

  • The following table shows the information collected as match-condition.
    

    Table 2-25 Information collected as "match condition"

    Match condition	Explanation
    Full	Full-match
    Pre	Starts-with
    Post	Ends-with
    Middle	Contains
    PreAndPost	Starts and ends with

  • A condition string is the string that is specified in the operation monitoring policy.
  Shown below is a collection example when the device instance ID of the disk drive starts with the condition string ABC.
  Permission condition: DevID-DD_Pre_ABC
  
• Logon user
  Name of the logon user who performed the operation on the target USB-connected media. However, if the user has not logged onto a console session in a virtual environment, no logon user name is collected.
  For a virtual environment, the logon user that will be acquired will vary depending on the logon destination.
  
  • When the user logged onto a console session
    User name in the console session
    
  • When the user did not log onto a console session
    No logon user name is collected.
    

Notes on collecting the connection permission and connection suppression logs for USB-connected media

In the following cases, it might not be possible to collect the connection permission and connection suppression logs for USB-connected media:

• When type or operation-date-time cannot be collected
  No connection permission or connection suppression log for the USB-connected media is collected.
  
• When none of the following can be collected: friendly-name, device-instance-ID-DD, device-instance-ID-USB, or permission-condition
  No connection permission log for the USB-connected media is collected.
  
• When none of the following can be collected: friendly-name, device-instance-ID-DD, or device-instance-ID-USB
  No connection suppression log for the USB-connected media is collected.
  

The information collected in the connection, disconnection, connection permission, and connection suppression logs for various devices varies depending on the event that occurs. The following table shows the information that is collected.

Table 2-26 Information collected in the connection, disconnection, connection permission, and connection suppression logs for devices

Collected item	Device connection	Device disconnection	Device connection permission	Device connection suppression
Type	Y	Y	Y	Y
Execution date/time	Y	Y	Y	Y
Device type	Y	Y	Y	Y
Drive type	Y	Y	Y	N
Drive letter	Y	Y	Y	N
Friendly name	Y	Y	Y	Y
Device instance ID by type	Y	Y	Y	Y
Device instance ID of controller	Y	Y	Y	Y
Permission condition	N	N	Y	N
User name	Y	Y	Y	Y

Legend:

Y: Collected

N: Not collected

• Type
  Connection, Disconnection, Connection permission, or Connection suppression
  
• Execution date/time
  The date/time on which the device was connected, disconnected, given connection permission, or prevented from connecting
  
• Device type
  The following table shows the information collected as device-type.
  

  Table 2-27 Information collected as "device type"

  Device type	Explanation
  USB storage device	USB-connected storage device
  Internal CD/DVD	Internal CD/DVD drive
  Internal floppy disk	Internal floppy disk drive
  IEEE1394	IEEE1394-connected device
  Internal SD card	Internal SD card drive
  Bluetooth	Internal or USB-connected Bluetooth device
  Imaging device	Internal or USB-connected imaging device
  Unknown	Unknown device type

• Drive type
  Drive type (Local, Removable, CD ROM, or Other media) of the device
  
• Drive letter
  Drive name of the device
  
• Friendly name
  Friendly name of the device
  
• Device instance ID by type
  Device instance ID under the device type (disk drive, DVD/CD-ROM, or the like)
  
• Device instance ID of controller
  Device instance ID under the device controller
  
• Permission condition
  The permission condition for the device specified in an operation monitoring policy is collected in the following format:
  Permission condition: condition-type_match-condition_condition-string
  Each of the collected items is explained below.
  
  • The following table shows the information collected as condition-type.
    

    Table 2-28 Information collected as "condition type"

    Condition type	Explanation
    DevID-Class	Various types of device instance IDs
    DevID-Ctrl	Device instance ID of the controller
    FriendlyName	Friendly name

  • The following table shows the information collected as match-condition.
    

    Table 2-29 Information collected as "match condition"

    Match condition	Explanation
    Full	Full-match
    Pre	Starts-with
    Post	Ends-with
    Middle	Contains
    PreAndPost	Starts and ends with

    Note: If condition-type is FriendlyName, Full is collected.

    
    
  • A condition string is the string that is specified in the operation monitoring policy.
  Shown below is a collection example when the device instance ID of the disk drive starts with the condition string ABC.
  Permission condition: DevID-Class_Pre_ABC
  
• User name
  Name of the user who logged on to Windows
  For a virtual environment, the user name that is acquired varies depending on whether the user logged on to a console session.
  
  • When the user logged on to a console session
    User name in the console session
    
  • When the user did not log on to a console session
    No user name is collected.
    

Notes on collecting the device operation log

• If device-type is Internal CD/DVD, Internal FD, IEEE1394, or Internal SD, a device connection permission log is not collected.
• If type or execution-date/time cannot be collected, connection permission, connection suppression, connection, and disconnection logs for the device are not collected.
• When none of the following can be collected, a device connection permission log is not collected: friendly-name, device-instance-ID-by-type, controller-device-instance-ID.
• When none of the following can be collected, a device connection suppression log is not collected: friendly-name, device-instance-ID-by-type, or controller-device-instance-ID.
• For the disconnection log, it might not be possible to collect the following items depending on the timing:
  
  • Device type
  • Drive type
  • Drive letter
  • Friendly name
  • Device instance ID by type
  • Device instance ID of controller
• If you try to collect a connection log while the device is disconnected or suppressed, you might not be able to collect log information since the device is disconnected. In this case, drive-type is displayed as Other.
• You cannot collect log data indicating that a device was connected to, or disconnected from the client PC (Device connection or disconnection logs) before operation monitoring starts, such as immediately following the startup of the client PC. However, you can collect the device connection and disconnection logs that are recorded after operation monitoring starts.
• If device-type is Internal FD, Drive type is Other. Additionally, no drive letter is collected.
• If either of the following operations is performed in an internal CD/DVD drive or USB-connected CD/DVD drive, a connection or disconnection log might not be collected in some cases.
  
  • Insertion of CD or DVD media
  • Ejection of CD or DVD media
• If the OS of the client PC is Windows 8, Windows Server 2012, Windows Vista, Windows Server 2008, or Windows 7, an operation log cannot be collected from an internal CD/DVD drive or USB-connected CD/DVD drive.
• If an floppy disk or SD card is inserted, a connection or disconnection log is not collected.
• If a device for which multiple device instance IDs are set is connected, multiple operation logs are collected from the single device. However, only a single disconnection log is collected.
• When a device is connected to the client PC for the first time, a device driver might be installed. When this occurs, multiple operation logs might be collected.
• Even when it is necessary to restart the client PC in order to enable an operation monitoring policy for suppressing operations, an operation suppression log is collected when the operation monitoring policy is set.
• Even when a product other than JP1/Software Distribution changes the device setting and device connection, or when disconnection is detected, a device operation log is collected.
• You cannot collect operation logs from devices that cannot be recognized as USB storage devices, Bluetooth devices, or imaging devices even when they are USB-connected.
• If a CD/DVD drive with a CD or DVD already inserted is connected to the client PC, multiple connection logs might be collected in some cases.
• If the client PC is restarted in order to enable an operation monitoring policy for suppressing operation, a device disconnection log might not be collected.
• If you specify an operation monitoring policy that suppresses the operation of a device that is already connected, the suppression log for that device might be collected when you connect a different device to the client PC.

A file operation event occurs when one of the operations listed below is performed on a file or folder. For details about the information to be collected, see 6.5.3 Items displayed in an operation log in the manual Administrator's Guide Volume 1.

• Copying
• Migration
• Renaming
• Deletion
• Creation
• File opening

Data collected in a file operation log differs depending on the operation that is performed. The following types of data are collected.

Table 2-30 Data collected in a file operation log

Operation	Time	Type	Logon user	Drive type	File name	Drive type after change	File name after change	Program name	Account
Copying	Y	Y	Y	Y	Y	Y	Y	Y	Y
Migration	Y	Y	Y	Y	Y	Y	Y	Y	Y
Renaming	Y	Y	Y	Y	Y	--	Y	Y	Y
Deletion	Y	Y	Y	Y	Y	--	--	Y	Y
Creation	Y	Y	Y	Y	Y	--	--	Y	Y
File opening#	Y	Y	Y	Y	Y	--	--	Y	Y

Legend:

Y: Collected.

--: Not collected.

#: If the OS of the client PC is one of the following, a log for file opening operation cannot be collected.

• Windows 8
• Windows Server 2012
• Windows 7
• Windows Server 2008
• Windows Vista

(a) Notes on collecting file operation log data

Note the following when collecting file operation log data:

• When a folder is copied, moved, or deleted, log data is also collected for all files and subfolders that are under that folder.
  When a folder name is changed, the path to the files and folders under that folder is changed. However, no log data is collected.
  
• After a file or folder operation, if an Undo operation is performed by using the Undo menu or by pressing the Ctrl + Z keys, the following operation log data is collected:
  

  Operation before Undo	Operation log data collected during the Undo operation
  Copying	Deletion of the copied file or folder
  Migration	Return of the moved file or folder to its original location
  Renaming	Name change back to the original file name or folder name
  Deletion	Moving of the deleted file or folder to its original location

• If you cancel a copy operation in the dialog box for confirming overwriting, the following occurs: If the update date of the copy-source file is the same as the update date of a file having the same name in the copy-destination folder, log data is collected, assuming the latter file to be a copy.
• When you consecutively copy the same file or folder, a log might be collected for creation operations instead of copying operations.
• When you move a file or folder to Windows Recycle Bin, log data is collected assuming that the file or folder has been deleted rather than having been moved.
• When you delete a file or folder from Windows Recycle Bin, the file name or folder name collected in the log data might differ from the name before deletion.
• If you select multiple files, file deletion log data might not be collected in some cases.
• Collection of operation log data for compressed (zip format) folders is not supported. However, log data might be collected for some operations.
• If the move-destination file is overwritten during a file move, or if a file move is undone, log data indicating the deletion of the move-source file might be collected in addition to log data indicating a file move.
• If a large number of files or folders are overwritten during a copying operation, log data might not be collected in some cases.
• If an operation monitoring policy that specifies to suppress operations on USB media is applied, history for operations performed on the USB media files may not be acquired.
• Immediately following the start of operation monitoring, you might not be able to acquire some of the file operations, or the output might be invalid. In either of these cases, perform a restart or logoff at the client. For the operation for starting operation monitoring, see 6. Monitoring Software Operation Status in the manual Administrator's Guide Volume 1.
• When multiple users are performing file operations in a virtual environment, if a user manipulates a file, it is considered that all users who are displaying that same file in Windows Explorer have performed the same operation, and logs are collected accordingly.

(b) Notes on collecting file operation log data from a client whose OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista

When you collect file operation log data from a client whose OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista, note the following points in addition to those described under (a):

• If a file or folder is manipulated from an application or from the command prompt on a client whose OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista, log data might be collected for some of the operations.
• Collection of operation log data for file restoration from a shadow copy or backup is not supported. However, log data might be collected for some of the operations.
• If you use Remote Installation Manager or Asset Information Manager Subset to view a file operation log collected from a client whose OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 or Windows Vista, use JP1/Software Distribution Manager version 08-51 or later. JP1/Software Distribution Manager of Version 08-10 or earlier might not display the log data correctly.
• If the file operation log collection facility is being used, the memory usage by smcusapp.exe might continue to be large, but this will not affect the operation.
• If files or folders were restored by the File History feature of Windows 8, some file operation logs on them might be collected.

Note the following points on each type of operation for which log data can be collected.

Notes on collecting copy operation log data

• When a file is overwritten by a copy operation, if you choose Copy, but keep both files in the Confirm File Replace dialog box, note the following points:
  
  • Log data is collected in which the file name after the copying operation is pre-copy-file-name(n) (where n is an arbitrary number).
  • If the copy-source file is deleted after the copying operation, extra log data for a file move might be output.
  • If the copy-source file and the file to be overwritten have the same update date/time, extra copy log data is output in which the pre-copy and post-copy file names are the same.
• If the dialog box for confirming a file overwrite is displayed multiple times for a single copy operation, extra folder or file copy log data might be output.
• If a file or folder whose name contains parentheses (( )) is copied, log data might not be correctly collected.
• When multiple files or folders whose name contains (n) (where n is an arbitrary number) are selected and overwritten during a copying operation, if you choose Copy, but keep both files in the Confirm File Replace dialog box, log data might not be correctly collected.
• When files or folders whose name contains (n) (where n is an arbitrary number) are continuously copied, log data is collected indicating a file or folder creation for the second or subsequent copy operations.
• Following an Undo operation, if you perform a Redo operation in the Redo Copy menu or by using the Ctrl + Y keys, no file operation log data is output. For a Redo operation on a folder, log data is collected indicating a folder copy operation.
• If multiple files or folders, or a folder containing multiple files or folders are selected and copied, log data might not be collected in some cases.

Notes on collecting move operation log data

• When a file is overwritten by a move operation, if you choose Move, but keep both files in the Move File dialog box, log data is collected in which the file name after the move operation is pre-move-file-name(n) (where n is an arbitrary number). Additionally, extra move log data is output in which the pre-move and post-move file names are the same.
• When multiple files or folders whose name contains (n) (where n is an arbitrary number) are selected and moved, if you choose Move, but keep both files in the Confirm File Replace dialog box, log data might not be correctly collected.
• If a file is overwritten by a move operation, note the following points when you consolidate folders by clicking the Yes button in the Confirm File Replace dialog box:
  
  • If the move-source and move-destination folders contain files that have the same name, only the file is moved during folder consolidation, and the move-source folder is not deleted. In this case, copy log data is collected for the move-source folder.
  • When Move and replace is selected during file replacement confirmation, if the move-source file and the file to be overwritten have the same update date/time, file copy and deletion log data is collected instead of file move log data.
  • If Move, but keep both files is selected during file replacement confirmation, log data is collected in which the file name after the move operation is pre-move-file-name(n) (where n is an arbitrary number). If the pre-move file and the file to be overwritten have the same update date/time, file copy and deletion log data is collected in addition to file move log data. If the pre-move file and the file to be overwritten have different update dates/times, extra move log data is output in which the pre-move and post-move file names are the same.
• If the folder replacement confirmation dialog box is displayed multiple times for a single move operation, extra folder and file move log data might be collected.
• If a file whose name contains parentheses (( )) is moved, log data might not be correctly collected.
• If an Undo operation is performed following a file move, log data is collected for the movement of the file back to its original location and a file deletion. If an Undo operation is performed on a folder move, only folder move log data is collected. If a file or folder is overwritten during a move and then an Undo operation is performed, log data is output only for the deletion of the overwritten file. Following an Undo operation, if you perform a Redo operation in the Redo Move menu or using the Ctrl + Y keys, file deletion log data is collected. If a Redo operation is performed on a folder, folder move log data is collected.
• If an Undo operation is performed following a file move to Windows Recycle Bin, log data is collected for file deletions from Recycle Bin and for file creation at the restoration destination. In this case, a correct file name is not collected in the log data for file deletions from Recycle Bin.
• If multiple files or folders, or a folder containing multiple files or folders are selected and moved, log data might not be collected in some cases.

Notes on collecting name change operation log data

• If a file is overwritten by a name change operation, note the following points when you consolidate folders by clicking the Yes button in the Confirm File Replace dialog box:
  
  • If a folder before a name change contains several files, log data is output for file creation at the consolidation-destination folder and for file deletion prior to the name change. However, no log data is collected for the deletion of the pre-name-change folder. If a folder before a name change does not contain any file, log data is output only for the creation of a subfolder of the folder following the name change.
  • If a folder before a name change and the consolidation-destination folder contain subfolders that have the same name, subfolder creation log data is collected. In this case, no log data is collected for the deletion of the pre-name-change folder.
  • If a folder before a name change contains multiple files or subfolders, some log data might not be collected.
  • Log data might not be collected for the files that exist inside a subfolder of the pre-name-change folder.
• If multiple files or folders, or a folder containing multiple files or folders are selected and a batch name change operation is performed, log data might not be collected in some cases.

Notes on collecting deletion operation log data

• Following file deletion, if you perform an Undo operation or select the Undo menu, log data is collected for the file re-creation at the restoration destination and for file deletion from Windows Recycle Bin. However, a correct file name is not collected in the log for file deletion from Windows Recycle Bin.
• Following file deletion, if you move the file from Windows Recycle Bin, log data is collected for the movement of the deleted file to its original location.
• After multiple files or folders, or a folder containing multiple files or folders were selected and deleted, if you perform an Undo operation or select the Undo menu, or if you move the folder from Windows Recycle Bin, log data might not be collected in some cases.
• Following a file copy or move, if you delete the file within a certain amount of time and then perform an Undo operation, log data might be collected only for the file deletion from Windows Recycle Bin.

When you move a large number of files or folders, if you select Move and replace or Move, but keep both files during file replacement confirmation, file copy-and-deletion log data or file copy log data might be collected, instead of file move log data.

Although a log's actual size is affected by the event data collected, operation logs tend to be large. Therefore, when you install JP1/Software Distribution Manager, you need to specify a drive with ample capacity for the directory that stores the operation history (software operation history storage directory).

When the size of the operation history stored in the software operation history storage directory exceeds a specified value, you can also save the operation history in another directory (operation history backup directory).

The drive containing the software operation history storage directory and operation history backup directory can be a local drive (including a shared disk in a cluster environment), but can also be a network drive, such as Windows Powered NAS. We recommend that you specify a local drive with ample capacity for the software operation history storage directory, which is frequently accessed, and a network drive for the operation history backup directory, which is accessed less frequently.

However, to specify a network drive, you need an environment in which a single piece of authentication information can be used to connect to the network drive. Provide authentication information (user ID and password) that has all of the following permissions:

• Permissions that allow login to the JP1/Software Distribution server and the domain group, as well as writing of data into a backup file storage directory
• Permissions that allow writing of data into the software operation history storage directory
• Permissions that allow writing of data into the operation history backup directory
• Permissions that allow writing of data into the network drive

We also recommend that, for the network drive, you specify a drive in the same domain or workgroup as the machine on which JP1/Software Distribution Manager is installed. If you specify any other drive, authentication might take a long time.