Columns in Results Panel/Custom Report

You can control how column information for log entries is displayed in the Results panel from the Template settings dialog.

The following table describes the log entry information for columns in the Results panel and custom reports.

Ellipses […] in the Results panel indicate hidden log entries. For example, if you group a set of results using the value in one column, then multiple values in other columns, the results are shown as […].

Column Description
Attachment Shows that shadowed content is viewable.
Audit Event Shows the type of event that triggered the audit log.
Audit Type Shows the type of action the administrator performed.
Computer Shows name of the computer where device access was requested.
Count Shows how many log entries are hidden in a single row, accompanied by a grouping symbol displayed on the column header. Alternatively, this may be a computed column of data.
Device Class Shows the name of the device class.
Device Model Shows the manufacturer name for the device.
File Ext Shows the type of file extension.
File Name Shows the file name accessed on the device.
File Name (full) Shows the full name (including path) of the file accessed on the device.
File Path Shows the path to the file on the device.
File Type Indicates whether the file relates to a script or an application, for example Executable or Script.
Hash Shows the digital signature of the file, created by SHA-1 (Secure Hash Algorithm -1) that differentiate files with the same name.
Managed Device Name Shows the device name defined in the Device Explorer module.
Model Id Shows the device model that a user performed and action on.
NT Account Name Shows the domain user name of the person who triggered the event, for example MARVIN/johns or LocalSystem.
Other Shows information that may contain the access mask, DVD/CD serial number details, additional information, or parameters.
Process Name Describes the process used for device access.
Reason Indicates whether device access was granted or denied. This can have a value of No Permission, Granted or Denied.
SID Shows the secondary identifier for the user, for example S-1-5-21-647365748-5676349349-7385635473-1645. This is useful for tracing actions recorded in log files to users who have left an organization.
Size Shows the size of the shadowed file.
Target Shows the device for which the permissions were modified.
Target Computer Shows the computer name that was the target of the administrator action.
Target User Shows of the user or group name that the administrator action was applied to.
Traced On (Console time) Records the date the event occurred on the console computer.
Traced On (Endpoint time) Records the date the event occurred on the client computer.
Traced On (UTC) Records the date (Coordinated Universal Time) the event occurred on the client computer.
Transferred On (Console) Records the date the event record was transferred from the client computer to the Application Server.
Transferred On (UTC) Records the date (Coordinated Universal Time) the event record was transferred from the client computer to the Application Server.
Type Shows the type of event that triggered the log action such as the type of audit event.
Unique ID Shows the serial number for the device the user performed an action on.
User Shows the user name that triggered the event. For users removed from the Active Directory, this field also displays the SID, enabling identification of users who have left an organization.
Volume Label Shows the volume tag for the event that is logged.
X.500 User Name Shows the user name in Lightweight Directory Access Protocol format. This reflects the directory tree in which the user information is stored, for example, the X.500 user name may be CN=John Doe, CN=Users, DC=Jane and so forth.

Columns names starting with Count, Min, Max, Sum and Average may also be displayed. These contain computed data based on the values in the columns specified for Computed Columns.