System Audit Query

You use this program to view a log of changes or events that occurred in SYSPRO and which affect system security.

SYSPRO creates these logs automatically, the purpose being to assist system administrators to manage system security more effectively.

The transaction logs can be printed and they can be purged using the System Audit Purge program.

The Job Logging Query program maintains a log file of all programs that have been accessed by operators and can be used together with the System Audit Query to more effectively manage system security.

Menu and Toolbar

Field Description
File  
Print Generate a report of the log entries currently displayed in the list view.
Exit

This exits the program.

Time filter Indicate the time period(s) for which you want to display the log entries.
Category filter Indicate the type of log entries you want to display in the list view.

Refer to Transaction Categories for additional information.

Transactions

Column Description
Date Indicates the date on which the change or event occurred.
Time Indicates the time at which the change or event occurred.
Type Indicates the change or event which occurred.
Operator name Indicates the name of the operator who made the change or triggered the event.
Notes Indicates additional information about the change or event.

Transaction Categories

The Category filter option enables you to indicate the type of transaction log entries you want to display in the list view.

Category Description
Access denied to company Logged when an operator attempts to log into a prohibited company.
Access denied to program Logged when an operator attempts to access a prohibited program (defined in Groups or Role Program Access Maintenance).
Allow login to company  
Client-Server - Communication failure  
Client-Server - Failure to self-heal screenset  
Custom form - Column deleted  
Custom form - Column renamed  
Custom form - Data migrated from AdmFormData  
Custom form - Table deleted  
DFM - Zero size file deleted  
Document services - Deleted from pending archive  
Document services - Set Archive disabled flag  
Document services - Set Archive suspended flag  
Document services - Unlocked a pending archive  
Force new password next login set  
Group added This refers to the maintenance of operator groups.
Group changed This refers to the maintenance of operator groups.
Group deleted This refers to the maintenance of operator groups.
Group logout disabled This refers to changes to the option: Allowed to logout users in the Groups program.
Group logout enabled This refers to changes to the option: Allowed to logout users in the Groups program.
Job logging - log purged  
License invalid for company Logged when an operator attempts to log in to a SYSPRO company which has an invalid SYSPRO licence.
Login attempted - CMS license limit approached

Logged when the number of CMS only user licenses indicated at the Log within x CMS users of maximum field (System Setup) is reached.

This entry is only logged if the Log when approach CMS user limit options is enabled (System Setup).

Login attempted - CMS only license exceeded Logged when all CMS only user licenses have been used and an additional CMS only user attempts to log in.
Login attempted - CMS only license reached Logged when all CMS only user licenses have been used and an additional CMS only user attempts to log in.
Login attempted - Duplicate operator login Logged when an operator attempts to log into SYSPRO more than once and the Allow concurrent use of this operator option (Operators) is not enabled for that operator.
Login attempted - Invalid company  
Login attempted - Invalid company password  
Login attempted - Invalid user name Logged when an operator attempts to log into SYSPRO using an invalid operator code.
Login attempted - Invalid user password  
Login attempted - License limit approached  
Login attempted - Locked out after failed attempts Logged when an operator attempts to log into SYSPRO when the Number of login attempts defined against the operator's code has been reached (Operators).
Login attempted - Operator locked out

Logged when an operator attempts to log in to SYSPRO and the Operator locked out option is selected against the operator's code (Operators).

Login attempted - Operator password expired Logged when an operator attempts to log into SYSPRO using an expired operator password.
Login attempted - User license exceeded Logged when all SYSPRO user licenses have been used and an additional SYSPRO user attempts to log in.
Login attempted - User license reached Logged when the last available SYSPRO user license is used.
Login attempted - User not added to user file  
Login attempted and canceled Logged when an unsuccessful attempt was made to log into SYSPRO and the system exited out of the Login and Authentication program. For example, an attempt was made to log into a SYSPRO company which doesn't exist.
Multi-Factor authentication disabled  
Multi-Factor authentication enabled  
Multi-Factor authentication paused  
Multi-Factor authentication resumed  
Next key has been reset Logged when an auto-incremented transitory key has been reset.
Next key is at 1% of maximum Logged when the next auto-incremented transitory key has reached 1% of its maximum length.
Next key is at 2% of maximum Logged when the next auto-incremented transitory key has reached 2% of its maximum length.
Next key is at 5% of maximum Logged when the next auto-incremented transitory key has reached 5% of its maximum length.
Next key is at maximum of presentation length Logged when an auto-incremented transitory key has reached its maximum presentation length.
Operator added This refers to the maintenance of operators.
Operator changed This refers to the maintenance of operators.
Operator deleted This refers to the maintenance of operators.
Operator details chagned via Active Directory  
Operator disabled via Active Directory  
Operator logged out by another user Logged when an operator is logged out of SYSPRO by an administrator.
Operator logged self out using "EXIT" parameter  
Operator password options changed Logged when changes are made to Password options in the Login and Authentication program.
Operator password rules changed Logged when changes are made to Password rules in the Operator Password Definition program.
Operator security - Force change password set  
Operator security - Operator unlocked  
Operator security - Password changed  
Operator supervisor options changed Logged when changes are made to Supervisor options in the Operator Password Definition program.
Password added These refer to any changes made to passwords in SYSPRO (e.g. operator passwords, ledger code passwords, requisition user passwords, company passwords, report writer report maintenance passwords, passwords defined using the Password Definition program, etc.
Password changed  
Password deleted  
Prevent login to company  
Program already in use Logged when an operator attempts to load a program which is already loaded.
Role access control settings added  
Role access control settings deleted  
Role access control settings exported  
Role activities and fields settings added  
Role activities and fields settings deleted  
Role activities and fields settings exported  
Role added  
Role changed  
Role copied from existing role  
Role deleted  
Role design UI layouts performed  
Role esignature settings added  
Role esignature settings deleted  
Role esignature settings exported  
Role program access settings added - Import  
Role program access settings deleted - Import  
Role record exported  
Role user interface settings added  
Role user interface settings deleted  
Role user interface settings exported  
Role workflow settings added  
Role workflow settings deleted  
Role workflow settings exported  
SQL Server Session terminated  
SQL Server authentication reset mode performed  
SYSPRO custom package installed  
SYSPRO data conversion completed successfully Logged when the conversion of your data to a new version of SYSPRO is successful.
SYSPRO data conversion not completed Logged when the conversion of your data to a new version of SYSPRO fails.
SYSPRO port installed This lets administrators see whether a port update has been applied. The full filename of the executable is displayed (e.g. KB701_018_PORT.EXE installed).
Schedule detail added  
Schedule detail changed  
Schedule detail deleted  
Schedule header added  
Schedule header changed  
Schedule header deleted  
Supervisor override password used Logged whenever the supervisor password is used to override an operator's password.
Supervisor password changed Logged whenever the supervisor password is changed.
Supervisor password created Logged when the supervisor password is created.
System setup - CMS license usage option changed Logged when changing License usage options for CMS.
System setup - Client IMPACT.INI changed Logged when using the Edit Client Configuration function.
System setup - Custom server-side folder changed  
System setup - Data server-side folder changed  
System setup - Database access changed  
System setup - Database connection changed Logged when changing Database connection options.
System setup - Date presentation format changed Logged when changing the Presentation format for system dates.
System setup - E.net service details changed  
System setup - Espresso options changed  
System setup - Integration options changed  
System setup - License setup changed Logged when changing License setup options.
System setup - Login Dialog option changed  
System setup - Multi-Factor Authentication options  
System setup - Options changed Logged when changing system options such as language, nationality, etc.
System setup - Password definition options change  
System setup - Reporting options changed  
System setup - SMTP/Email settings  
System setup - Server-side folder changed  
System setup - Single sign-on option  
System setup - System wide maintenance  
System setup - System-wide database info changed Logged when changing Database information options.
System setup - User defined date format changed Logged when changing User defined date format options.
System setup - User license usage option changed Logged when changing License usage options for SYSPRO licenses.
System setup - e.net license changed Logged when using the Configure e.net License function.
Temporary password generated  
Upload files to server  
Windows process terminated  
Windows shutdown attempted - SYSPRO still running Logged whenever a Windows shutdown is attempted while SYSPRO is still running, including details of the SYSPRO program running at the time.
Windows task added  
Windows task changed  
Windows task deleted  
Workflow - Manual workflow override performed  

SQL Blocking Details

This displays a list of blocking/blocked SQL Sessions.

These SQL Sessions can only be killed on the SQL server. All the panes are refreshed after a process is killed.

A single process will never be displayed in the SQL Session pane. Details are only displayed when there is at least one blocking process and one blocked process. So if you kill only one process when two are displayed, then the list view will be empty on refresh.

An entry is created in Job Logging Query Job Logging when a process is killed.

Troubleshooting

FAQs

Why are two audit log records saved per login?
  • SYSPRO's System Audit Query program inserts two records into the AdmSystemAuditLog, instead of one:

    • The first record is inserted when the user tabs off the Operator password field, as the password is validated in order to determine whether or not to enable the company browse.

    • The second record is inserted when the user selects the login button and the system performs the actual login routine.

    In each of the above steps, an audit log check for the supervisor password is performed. If successful, two entries are created within the AdmSystemAuditLog.

  • Two records are inserted into the AdmSystemAuditLog when:

    • SYSPRO is launched from a shortcut, which has both the /OPER parameter and /PASS parameters defined (i.e. autorun parameters are supplied).

    • the /PASS parameter value is a supervisor password.

    • the operator account in question has a password defined against it.