Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide


10.2 Viewing operation logs

You can view a list of user operation logs stored on a management server. Tracing the history of file transfers or identifying computers on which suspicious operations were performed allows you to identify information leakage at an early stage, and to take measures against it.

Tip

To obtain operation logs, specify settings for operation logs in setup. In addition, the operation log policy must be enabled in advance.

To view operation logs:

  1. Display the Security module.

  2. In the menu area, select Operation Logs and then Operation Log List.

Operation logs are displayed in the information area. Clicking [Figure][Figure] on the scroll bar scrolls the displayed operation logs by day, and clicking [Figure][Figure] on the scroll bar scrolls the logs by month.

At the top of the view, a time chart is displayed, and the dates of operation logs are displayed on the view in a blue frame. If you click the button for a date, operation logs for that date are displayed at the top. Note that you cannot click the dates for which No operation logs is displayed when you move the mouse over them. If the time chart is too wide to be fully displayed, click [Figure] or [Figure] to scroll the chart.

If you narrow down information by using a filter, the target dates are displayed in a green frame.

If you specify operations that involve file transfers to be detected as suspicious operations in the security policy, when a suspicious file transfer is detected in an operation log, [Figure] is displayed in the Suspicious Operations field. To search operation logs for suspicious file transfer operations in the operation log list, use this symbol to filter the list to make the search easier.

Tip

If you specify the operation log backup folder during setup, operation logs are backed up. Operation logs are deleted from the database if they exceed the period specified in Period for storing automatically restored operation logs: (displayed by selecting Operation Log Settings, and then Automatic restoration of operation logs in the Setting module). Therefore, if you want to view past operation logs, import the backed up operation logs.

Tip

If it takes a long time to display operation logs, use Operation Date/Time (Browser) to narrow down the search range. Then specify search conditions such as Department, Location, Source, and User Name to narrow down the target devices.

Important

If operation logs are not stored on a management server, the Operation Log view is not displayed.

Tip

You can export operation logs by using the ioutils exportoplog command. We recommend that you export operation logs if you want to use them in other materials.

Tip

You can view the operation logs for a device selected in the Inventory module.

To view the operation logs of the device, in the Inventory module, select Device Inventory, and in the Device list view, from Action select To Operation Logs. The view then switches to the Security module, from which you can view the operation logs.

Tip

If the number of operation logs narrowed down by the filter exceeds 10,000, "10000+" is displayed.

Related Topics: