Audit Log Viewer

The Audit Log Viewer is a web server interface that is deployed with the Audit Log Collection Service. The Audit Log Viewer Service is an optional component that needs to be selected in Install Assistant. The Audit Log Viewer allows users and admins to look at all the data in one central location. The data includes the date and time of the event, the associated account, where the event occurred and what component was affected.

Audit Log Viewer supports Windows Active Directory and Microsoft Entra ID authentication. It also supports role-based authorization. To be able to use the viewer, users and admins have to belong to an authorized group.

When the Audit Log Collection Service is installed on a node, the Identity Provider page of Configuration Assistant provides an option to enable users to log into the Audit Log Viewer using the configured authentication method.

If the Audit Log Viewer login method is Windows, by default members of the BUILTIN\Administrators group on the machine hosting Audit Log Viewer have audit log admin access. If the login method is Microsoft Entra ID, Users/Groups assigned to the ControlSuite.Admin role of the ControlSuite application that was set up in the Microsoft Azure portal have audit log admin access. The customer can specify which security group will have audit log admin access on the System Administrators page in Configuration Assistant.

Using the Audit Log Viewer

The Audit Log Viewer offers various way to organize the information. The columns can be sorted either alphabetically, or by timestamp or by account. If two items in a column are sorted alphabetically and have the same name, then they are sorted by timestamp. The viewer supports pagination and can be set to display 100 (default value), 200, 500, or 1000 records per page.

To use the Audit Log Viewer, do the following:

  1. Open the Audit Log Viewer from the Start menu or directly from a web browser.
  2. Sign in with valid credentials.
  3. On the Audit Log Viewer page, select View records to display the data collected by the Audit Log Collection Service.
  4. Click the Add Filter button to configure the data.
  5. On the Add Filter dialog,
    1. Select a data column from the Field drop-down list.
    2. Select an Operation and enter a Value for the operation.
    3. Click Add to save the selection.
  6. Select the number of records to view from the Items per page drop-down list.
  7. Select Purge records to select events to be removed from the viewer. This is for Administrators only.
  8. Select a date to Purge events posted before and click Apply purging. Purging history displays the Purge date, Account, and Records purged from the logs.
  9. Click the Clear History button to remove the list of purged events.