Skip to main content
OnCommand Insight

Auditing system and user activities


If you want to locate unexpected changes, you can view an audit trail of the OnCommand Insight system and its user activities. Audit log messages can optionally be sent to syslog in addition to being displayed on the Audit page.

About this task

Insight generates audit entries for any user activities that affect the storage network or its management, including the following:

  • Logging in

  • Authorizing or unauthorizing a path

  • Updating an authorized path

  • Setting global policies or thresholds

  • Adding or removing a data source

  • Starting or stopping a data source

  • Updating data source properties

  • Adding, editing, or deleting a task

  • Removing an application group

  • Identifying or changing the identification for a device

  • Create a user

  • Delete a user

  • User role change

  • Modify a user (Guest à Admin)

  • Logout of a user (either forced logout or manual logout)

  • Deleting an acquisition unit

  • Update License

  • Enabling backup

  • Disabling Backup

  • Enabling ASUP (Enabling Proxy on same page is reported in audit log)

  • Disabling ASUP (Disabling Proxy on same page is reported in audit log)

  • Security - re-key, change system passwords.

  • Removing/adding annotations on assets

  • CAC user logon / logoff

  • CAC user session timeout


  1. Open Insight in your browser.

  2. Click Admin and select Audit.

    The Audit page displays the audit entries in a table.

  3. You can view the following details in the table:

    • Time

      Date and time that the changes were made

    • User

      Name of user associated with the audit entry

    • Role

      User account's role, which is guest, user, or administrator

    • IP

      IP address associated with the audit entry

    • Action

      Type of activity in the audit entry

    • Details

      Details of the audit entry

      If there is a user activity that affects a resource, such as a data source or an application, the details include a link to the resource's landing page.


      When a data source is deleted, the user activity details related to the data source no longer contain a link to the data source's landing page.

  4. You can display audit entries by choosing a particular time period (1 hour, 3 hours, 24 hours, 3 days, and 7 days), with Insight showing a maximum number of 1000 violations for the selected time period.

    You can click a page number below the table to browse through data by page if there is more data than fits on a single page.

  5. You change the sort order of the columns in a table to either ascending (up arrow) or descending (down arrow) by clicking the arrow in the column header; to return to the default sort order, click any other column header.

    By default, the table displays the entries in descending order.

  6. You can use the filter box to show only the entries you want in the table.

    To see only the audit entries by the user izzyk, type izzyk in the filter box.