Audit reports provide a history of activity in the security system. Any activity that modifies the state of the security system, either via a configuration change or direct command, is logged in the audit history. Successful logins to the system, along with any requested data exports, are also logged in the audit history. Generated reports are time-stamped and available for 31 days. 

Audit Reports List

Select Audit Reports from the sidebar to display the Audit Reports list. The list is sorted by the Created date, with the newest report at the top.

The Audit Reports list does not automatically update to its most current state for reports in the pending state. To see if a pending report is ready to download, refresh the page.

  • Report: Identifies the audit report by its activity date range. Reports that are generated display the Download button download icon . While a report is generating, the progress icon progress icon is displayed.
  • Expiration Date: Displays the date when a generated audit report will expire, after which it will be removed.
  • Status: Shows "Available" for reports that can be downloaded. "Pending" indicates a report is being generated so is not ready to download.
  • Start Date: The beginning date for system activity to be included in the report. (System activity is stored as individual audit records in the database for 90 days.)
  • End Date: The end date for system activity to be included in the report.
  • Created: Displays the date the report was created.

  • Time Zone: Displays the system time zone from System Options. By default, Eastern Standard Time (New York) is used if a time zone is not available.

Audit Report File Download

Audit reports are downloaded as CSV (Comma-Separated Values) files. CSV files can be opened in table-oriented applications.

Audit reports are intended for offline archives. These reports are not backed up in the system so disaster recovery retention policies do not apply to them. To retain a record of the reports, save them locally.

A report showing the status of "Available" is ready for download. When the report is within 24 hours of its expiration, the remaining time will be displayed. Upon expiration, the report is removed from the Audit Reports list.

How to Read an Audit Report

Audit record information:

  • Correlation ID: Identifies records that correlate to a user-initiated event. These records are all related to a single operation initiated from the portal. (See Is Parent.)

    Correlation ID

    User Name

    Timestamp

    Audited Name

    Audited Type

    Is Parent

    Operation

    477f2e65-9e66-4f48-8228-2104fe4ca4d0

    'Chrissy Smalls

    8/20/2019 17:19

    'Cafeteria

    Space

    FALSE

    spaceCreated

    477f2e65-9e66-4f48-8228-2104fe4ca4d0

    'Chrissy Smalls

    8/20/2019 17:19

    'Cafeteria

    Space

    FALSE

    AssignmentsChanged

    477f2e65-9e66-4f48-8228-2104fe4ca4d0

    'Chrissy Smalls

    8/20/2019 17:19

    'Cafeteria

    Space

    TRUE

    spaceAdded

  • Customer ID: Identifies the customer.
  • Reseller ID: Identifies the reseller.
  • User ID: Identifies the user.
  • User Name: The name of the user that performed the action. User-entered values are generated with a string escape character (') to prevent Excel from interpreting any special characters as a macro.
  • Account ID: Identifies the reseller or customer account number.
  • Timestamp (UTC): The time during which the activity occurred, in Coordinated Universal Time.
  • Timestamp (EST): The time during which the activity occurred, in the time zone requested upon report generation.
  • Audited ID: This is the unique ID of the object being audited, and can be used to correlate records of interest.
  • Audited Name: The name of the object that was acted upon. The string escape character is also generated for this value.
  • Audited Type: Describes which area of the system is responsible for the audited action.
  • Is Parent: If true - Identifies a record that corresponds to a user-initiated action. All other records with the same Correlation ID correspond to the subsequent actions taken as a result of that user-initiated action.
  • Operation: Describes the action.
  • IP: Contains the IP address of the browser client that sent the initiating request.
  • Details: Based on the type of activity, contains the details of an object's new state. For activity such as "deviceDeleted" or "personDeleted", the Details field is empty.



© Honeywell International Inc. All Rights Reserved.