Auditing
The Auditing option is used to define the rules for the capture of auditing information and the location for storing the local event log. It also displays the events for which data is collected which can be selected for inclusion in the local log. The Audit option is accessible from the Home ribbon. The events available are context sensitive dependent on whether Policy Configuration or User Personalization is selected.
In Enterprise installations, events can be forwarded to the Management Center via the Client Communications Agent (CAA). When using this method for auditing, event data storage and filtering is configured through the Management Center Console.
For more information, see the Management Center Help.
In this section:
Configure Auditing Settings
- Select Policy Configuration.
-
From the Manage ribbon, click Auditing.
-
Use the radio buttons to define the required auditing settings:
Option Description Send events to the Application event logSend events to the Ivanti event log Select whether to save the event and associated application data to the Application or Ivanti event log: - Event Viewer > Windows Log > Application
- Event Viewer > Applications and Services Logs > Ivanti
You can select either Application or Ivanti event log, not both.
Make events anonymous Anonymous logging searches the file path for any instances where a directory matches the user name and replaces the directory name with the string USERNAME. With this option set to Yes, the computer and user names are not recorded for logged events. Send events to local file log Write the events to a local file in either CSV or XML format. Click the ellipsis to select a location for the file. The default location is: %SYSTEMDRIVE%AppSenseLogs\Auditing\EnvironmentManagerEvents_%COMPUTERNAME%.xml (or .csv). Local file log format Select whether the local file log is in XML or CSV format. - In the Local Event Filter, select the Log Locally checkbox for all the events which require logging. When selected, events are displayed in bold.
- Click Toggle selected to change the state between selected and cleared.
- Click OK to save the settings.
Events
Event ID | Event Name | Event Description | Event Log Type |
---|---|---|---|
9300 | Self healing process started | A process being monitored for self healing stopped and has been restarted. | Information |
9301 | Self healing registry key replaced | A registry key being monitored for self healing was changed and has now been reset. | Information |
9302 | Self healing registry key removed | A registry key being monitored for self healing was inserted and has now been removed. | Information |
9303 | Self healing file replaced | A file being monitored for self healing was modified or removed and has now been replaced. | Information |
9304 | Self healing file removed | A file being monitored for self healing was added and has now been removed. | Information |
9305 | Self healing service stopped | A service being monitored for self healing started and has now been stopped. | Information |
9306 | Self healing service started | A service being monitored for self healing stopped and has now been restarted. | Information |
9307 | Self healing registry value replaced | A registry value being monitored for self healing was changed and has now been reset. | Information |
9308 | Self healing registry removed | A registry value being monitored for self healing was inserted and has now been removed. | Information |
9399 | Software is not licensed | The Environment Manager software has not been licensed. | Error |
9400 | Lockdown edit control blocked drive | An edit control has had a blocked drive entered into it. | Information |
9401 | Lockdown edit control blocked text | An edit control has had blocked text entered into it. | Information |
9402 | Lockdown accelerator keys blocked | An application has had accelerator keys blocked. | Information |
9403 | Lockdown dialog blocked | An application has had a dialog box blocked. | Information |
9404 | Lockdown MSAA access blocked | An application has had access blocked for a control using MSAA detection. | Information |
9405 | User logon action success | A user logon action completed successfully. | Information |
9406 | User logon action fail | A user logon action failed to complete successfully. | Error |
9407 | User logoff action success | A user logoff action completed successfully. | Information |
9408 | User logoff action fail | A user logoff action failed to complete successfully. | Warning |
9409 | Computer startup action success | A computer startup action completed successfully. | Information |
9410 | Computer startup action fail | A computer startup action failed to complete successfully. | Warning |
9413 | Computer network available | A computer network available action completed successfully. | Information |
9414 | Computer network available action fail | A computer network available action failed to complete successfully. | Information |
9420 | User session reconnect action success | A user session reconnect action completed successfully. | Information |
9421 | User session reconnect action fail | A user session reconnect action failed to complete successfully. | Warning |
9422 | User session disconnect action success | A user session disconnect action completed successfully. | Information |
9423 | User session disconnect action fail | A user session disconnect action failed to complete successfully. | Warning |
9424 | User session locked action success | A user session locked action completed successfully. | Information |
9425 | User session locked action fail | A user session action failed to complete successfully. | Warning |
9426 | User session unlocked action success | A user session unlocked action completed successfully. | Information |
9427 | User session unlocked action fail | A user session unlocked action failed to complete successfully. | Warning |
9428 | Process start action success | A process start action completed successfully. | Information |
9429 | Process start action fail | A process start action failed to complete successfully. | Warning |
9430 | Process stopped action success | A process stopped action completed successfully. | Information |
9431 | Process stopped action fail | A process stopped action failed to complete successfully. | Warning |
9432 | Network connection action success | A network connected action completed successfully. | Information |
9433 | Network connection action fail | A network connected action failed to complete successfully | Warning |
9434 | Network disconnected action success | A network disconnected action completed successfully. | Information |
9435 | Network disconnected action fail | A network disconnected action failed to complete successfully. | Warning |
9436 | User logon (pre-session) action success | A user logon (pre-session) action completed successfully. | Information |
9437 | User logon (pre-session) action fail | A user logon (pre-session) action failed to complete successfully. | Information |
9438 | User logon (pre-desktop) action success | A user logon (pre-desktop) action completed successfully. | Information |
9439 | User logon (pre-desktop) action fail | A user logon (pre-desktop) action failed to complete successfully. | Information |
9440 | User logon (desktop created) action success | A user logon (desktop created) action completed successfully. | Information |
9441 | User logon (desktop created) action fail | A user logon (desktop created) action failed to complete successfully. | Information |
9442 | Scheduled node action success | A scheduled node action completed successfully. | Information |
9443 | Scheduled node action fail | A scheduled node action failed to complete successfully. | Information |
9480 | Configuration merge update | The configuration merge folder has been updated. | Information |
9481 | Configuration merge start | The configuration merge has started. | Information |
9482 | Configuration merge complete | The configuration merge has completed successfully. | Information |
9483 | Configuration merge fail | The configuration merge has failed. | Information |
9484 | Configuration merge timeout | The configuration merge has timed out waiting for expected files. | Information |
9495 | Not configured | IvantiEnvironment Manager has not been configured. | Warning |
9496 | Configuration unsupported | An old configuration has been found. | Warning |
9650 | Managed application start | A managed application has started. | Information |
9651 | Managed application stop | A managed application has stopped. | Information |
9652 | Personalization load error | Personalization settings for a managed application failed to load. | Error |
9653 | Personalization save error | Personalization settings for a managed application failed to save. | Error |
9654 | Blacklisted process started | A managed process has launched a blacklisted process. | Information |
9655 | Personalization not saved | Personalization settings not saved as another group application is running. | Information |
9656 | Offline resiliency save started | Offline resiliency save has been started for a managed application. | Information |
9657 | Offline resiliency save complete | Offline resiliency has successfully saved a managed application’s personalization settings. | Information |
9658 | Personalization settings purged | Personalization settings purged as offline mode is disabled. | Information |
9659 | Personalization settings updated | User personalization settings updated from personalization server. | Information |
9660 | Personalization failed | Personalization for a managed application failed. | Error |
9661 | Timeout Communicating with Personalization Server | A timeout occurred while trying to communicate with the Personalization Server. | Warning |
9662 | Trigger Action Times | All the actions have run for the trigger. | Information |
9663 | PreCache Application Success | Successfully Precached Managed Application. | Information |
9664 | PreCache Group Success | Successfully PreCached Managed Application Group. | Information |
9665 | PreCache Managed Application Failure | Failed to PreCached Managed Application. | Error |
9666 | PreCache Group Failure | Failed to PreCached Managed Application Group. | Error |
9667 | Personalization Profile Import | A Profile Import is Active. | Information |
9672 | Action success | The automated action has completed successfully. | Information |
9673 | Action Fail | The automated action has failed to complete. | Error |
9680 | Endpoint of Self Service start failure | The Endpoint Self-Service process failed to start. | Error |
9690 | Password Certificate Failure | The password for certification has failed. | Error |
9691 | Run As Failure | The Run As action has failed. | Error |