System Audit Query
You use this program to view a log of changes or events that occurred in SYSPRO and which affect system security.
SYSPRO creates these logs automatically to help system administrators manage system security more effectively.
The transaction logs can be printed and they can be purged using the System Audit Purge program.
The Job Logging Query program maintains a log file of all programs that have been accessed by operators and can be used together with the System Audit Query to more effectively manage system security.
Menu and Toolbar
Field | Description |
---|---|
File | |
Generate a report of the log entries currently displayed in the list view. | |
Exit | This exits the program. |
Time filter | Indicate the time period(s) for which you want to display the log entries. |
Category filter | Indicate the type of log entries you want to display in the list view. Refer to Transaction Categories for additional information. |
Transactions
Column | Description |
---|---|
Date | Indicates the date on which the change or event occurred. |
Time | Indicates the time at which the change or event occurred. |
Type | Indicates the change or event which occurred. |
Operator name | Indicates the name of the operator who made the change or triggered the event. |
Notes | Indicates additional information about the change or event. |
Transaction Categories
The Category filter option enables you to indicate the type of transaction log entries you want to display in the list view.
Category | Description |
---|---|
Access denied to company | Logged when an operator attempts to log into a prohibited company. |
Access denied to program | Logged when an operator attempts to access a prohibited program (defined in Groups or Role Program Access Maintenance). |
Allow login to company | |
Client-Server - Communication failure | |
Client-Server - Failure to self-heal screenset | |
Custom form - Column deleted | |
Custom form - Column renamed | |
Custom form - Data migrated from AdmFormData | |
Custom form - Table deleted | |
DFM - Zero size file deleted | |
Document services - Deleted from pending archive | |
Document services - Set Archive disabled flag | |
Document services - Set Archive suspended flag | |
Document services - Unlocked a pending archive | |
Force new password next login set | |
Group added | This refers to the maintenance of operator groups. |
Group changed | This refers to the maintenance of operator groups. |
Group deleted | This refers to the maintenance of operator groups. |
Group logout disabled | This refers to changes to the option: Allowed to logout users in the Groups program. |
Group logout enabled | This refers to changes to the option: Allowed to logout users in the Groups program. |
Job logging - log purged | |
License invalid for company | Logged when an operator attempts to log in to a SYSPRO company which has an invalid SYSPRO licence. |
Login attempted - CMS license limit approached | Logged when the number of CMS only user licenses indicated at the Log within x CMS users of maximum field (System Setup) is reached. This entry is only logged if the Log when approach CMS user limit option is enabled (System Setup). |
Login attempted - CMS only license exceeded | Logged when all CMS only user licenses have been used and an additional CMS only user attempts to log in. |
Login attempted - CMS only license reached | Logged when all CMS only user licenses have been used and an additional CMS only user attempts to log in. |
Login attempted - Duplicate operator login | Logged when an operator attempts to log into SYSPRO more than once and the Allow concurrent use of this operator option (Operators) is not enabled for that operator. |
Login attempted - Invalid company | |
Login attempted - Invalid company password | |
Login attempted - Invalid user name | Logged when an operator attempts to log into SYSPRO using an invalid operator code. |
Login attempted - Invalid user password | |
Login attempted - License limit approached | |
Login attempted - Locked out after failed attempts | Logged when an operator attempts to log into SYSPRO when the Number of login attempts defined against the operator's code has been reached (Operators). |
Login attempted - Operator locked out | Logged when an operator attempts to log in to SYSPRO and the Operator locked out option is selected against the operator's code (Operators). |
Login attempted - Operator password expired | Logged when an operator attempts to log into SYSPRO using an expired operator password. |
Login attempted - User license exceeded | Logged when all SYSPRO user licenses have been used and an additional SYSPRO user attempts to log in. |
Login attempted - User license reached | Logged when the last available SYSPRO user license is used. |
Login attempted - User not added to user file | |
Login attempted and canceled | Logged when an unsuccessful attempt was made to log into SYSPRO and the system exited out of the Login and Authentication program. For example, an attempt was made to log into a SYSPRO company which doesn't exist. |
Multi-Factor authentication disabled | |
Multi-Factor authentication enabled | |
Multi-Factor authentication paused | |
Multi-Factor authentication resumed | |
Next key has been reset | Logged when an auto-incremented transitory key has been reset. |
Next key is at 1% of maximum | Logged when the next auto-incremented transitory key has reached 1% of its maximum length. |
Next key is at 2% of maximum | Logged when the next auto-incremented transitory key has reached 2% of its maximum length. |
Next key is at 5% of maximum | Logged when the next auto-incremented transitory key has reached 5% of its maximum length. |
Next key is at maximum of presentation length | Logged when an auto-incremented transitory key has reached its maximum presentation length. |
Operator added | This refers to the maintenance of operators. |
Operator changed | This refers to the maintenance of operators. |
Operator deleted | This refers to the maintenance of operators. |
Operator details changed via Active Directory | |
Operator disabled via Active Directory | |
Operator logged out by another user | Logged when an operator is logged out of SYSPRO by an administrator. |
Operator logged self out using "EXIT" parameter | |
Operator password options changed | Logged when changes are made to Password options in the Login and Authentication program. |
Operator password rules changed | Logged when changes are made to Password rules in the Operator Password Definition program. |
Operator security - Force change password set | |
Operator security - Operator unlocked | |
Operator security - Password changed | |
Operator supervisor options changed | Logged when changes are made to Supervisor options in the Operator Password Definition program. |
Password added | These refer to any changes made to passwords in SYSPRO (e.g. operator passwords, ledger code passwords, requisition user passwords, company passwords, report writer report maintenance passwords, passwords defined using the Password Definition program, etc.). |
Password changed | |
Password deleted | |
Prevent login to company | |
Program already in use | Logged when an operator attempts to load a program which is already loaded. |
Role access control settings added | |
Role access control settings deleted | |
Role access control settings exported | |
Role activities and fields settings added | |
Role activities and fields settings deleted | |
Role activities and fields settings exported | |
Role added | |
Role changed | |
Role copied from existing role | |
Role deleted | |
Role design UI layouts performed | |
Role esignature settings added | |
Role esignature settings deleted | |
Role esignature settings exported | |
Role program access settings added - Import | |
Role program access settings deleted - Import | |
Role record exported | |
Role user interface settings added | |
Role user interface settings deleted | |
Role user interface settings exported | |
Role workflow settings added | |
Role workflow settings deleted | |
Role workflow settings exported | |
SQL Server Session terminated | |
SQL Server authentication reset mode performed | |
SYSPRO custom package installed | |
SYSPRO data conversion completed successfully | Logged when the conversion of your data to a new version of SYSPRO is successful. |
SYSPRO data conversion not completed | Logged when the conversion of your data to a new version of SYSPRO fails. |
SYSPRO port installed | This lets administrators see whether a port update has been applied. The full filename of the executable is displayed (e.g. KB701_018_PORT.EXE installed). |
Schedule detail added | |
Schedule detail changed | |
Schedule detail deleted | |
Schedule header added | |
Schedule header changed | |
Schedule header deleted | |
Supervisor override password used | Logged whenever the supervisor password is used to override an operator's password. |
Supervisor password changed | Logged whenever the supervisor password is changed. |
Supervisor password created | Logged when the supervisor password is created. |
System setup - CMS license usage option changed | Logged when changing License usage options for CMS. |
System setup - Client IMPACT.INI changed | Logged when using the Edit Client Configuration function. |
System setup - Custom server-side folder changed | |
System setup - Data server-side folder changed | |
System setup - Database access changed | |
System setup - Database connection changed | Logged when changing Database connection options. |
System setup - Date presentation format changed | Logged when changing the Presentation format for system dates. |
System setup - E.net service details changed | |
System setup - Espresso options changed | |
System setup - Integration options changed | |
System setup - License setup changed | Logged when changing License setup options. |
System setup - Login Dialog option changed | |
System setup - Multi-Factor Authentication options | |
System setup - Options changed | Logged when changing system options such as language, nationality, etc. |
System setup - Password definition options change | |
System setup - Reporting options changed | |
System setup - SMTP/Email settings | |
System setup - Server-side folder changed | |
System setup - Single sign-on option | |
System setup - System wide maintenance | |
System setup - System-wide database info changed | Logged when changing Database information options. |
System setup - User defined date format changed | Logged when changing User defined date format options. |
System setup - User license usage option changed | Logged when changing License usage options for SYSPRO licenses. |
System setup - e.net license changed | Logged when using the Configure e.net License function. |
Temporary password generated | |
Upload files to server | |
Windows process terminated | |
Windows shutdown attempted - SYSPRO still running | Logged whenever a Windows shutdown is attempted while SYSPRO is still running, including details of the SYSPRO program running at the time. |
Windows task added | |
Windows task changed | |
Windows task deleted | |
Workflow - Manual workflow override performed | |
SQL Blocking Details
This displays a list of blocking/blocked SQL Sessions.
These SQL Sessions can only be killed on the SQL server. All the panes are refreshed after a process is killed.
A single process will never be displayed in the SQL Session pane. Details are only displayed when there is at least one blocking process and one blocked process. So if you kill only one process when two are displayed, then the list view will be empty on refresh.
An entry is created in Job Logging Query when a process is killed.
Troubleshooting
FAQs
Why are two audit log records saved per login?
- SYSPRO's System Audit Query program inserts two records into the AdmSystemAuditLog, instead of one:
  - The first record is inserted when the user tabs off the Operator password field, as the password is validated in order to determine whether or not to enable the company browse.
  - The second record is inserted when the user selects the login button and the system performs the actual login routine.

  In each of the above steps, an audit log check for the supervisor password is performed. If successful, two entries are created within the AdmSystemAuditLog.
- Two records are inserted into the AdmSystemAuditLog when:
  - SYSPRO is launched from a shortcut, which has both the /OPER parameter and /PASS parameters defined (i.e. autorun parameters are supplied).
  - the /PASS parameter value is a supervisor password.
  - the operator account in question has a password defined against it.
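Because each such login writes two records, a raw count of audit entries overstates how often the supervisor password was used. The following Python is an added example, not SYSPRO code: it collapses the paired records into one event per login. It assumes the entries were exported with the list view columns (Date, Time, Type, Operator name, Notes), that the paired records carry the Type "Supervisor override password used", and that both records of a login fall within 60 seconds; the date and time formats are also assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample rows in the list view column order:
# Date, Time, Type, Operator name, Notes (export format is assumed).
SAMPLE_ROWS = [
    ("2024-03-04", "08:01:12", "Supervisor override password used", "JSMITH", ""),
    ("2024-03-04", "08:01:15", "Supervisor override password used", "JSMITH", ""),
    ("2024-03-04", "08:30:00", "Login attempted - Invalid user password", "ADMIN", ""),
    ("2024-03-04", "13:45:40", "Supervisor override password used", "JSMITH", ""),
    ("2024-03-04", "13:45:41", "Supervisor override password used", "JSMITH", ""),
    ("2024-03-04", "14:10:00", "Supervisor override password used", "MBROWN", ""),
]

OVERRIDE_TYPE = "Supervisor override password used"
PAIR_WINDOW = timedelta(seconds=60)  # assumed gap between tab-off and login


def collapse_override_events(rows, window=PAIR_WINDOW):
    """Return one event per login that used the supervisor password.

    Two records for the same operator within `window` are treated as the
    password-field validation and the login routine of a single login.
    Records with no partner are kept and reported with paired=False.
    """
    parsed = sorted(
        (datetime.strptime(f"{d} {t}", "%Y-%m-%d %H:%M:%S"), typ, op)
        for d, t, typ, op, _notes in rows
    )
    events, latest = [], {}  # latest: operator -> most recent event
    for ts, typ, op in parsed:
        if typ != OVERRIDE_TYPE:
            continue
        prev = latest.get(op)
        if prev and not prev["paired"] and ts - prev["time"] <= window:
            prev["paired"] = True  # second record of the same login
            continue
        event = {"operator": op, "time": ts, "paired": False}
        events.append(event)
        latest[op] = event
    return events


def override_counts(rows):
    """Count supervisor password logins per operator after collapsing pairs."""
    counts = {}
    for event in collapse_override_events(rows):
        counts[event["operator"]] = counts.get(event["operator"], 0) + 1
    return counts
```

On the constructed sample, JSMITH has four raw records but two logins, and the single MBROWN record is returned with `paired` set to `False` so it can be reviewed separately.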