Audit Analyzer

The Audit Analyzer console is a graphical user interface that administrators can use to query and review captured user sessions. The Audit Analyzer is available with the Centrify Audit & Monitoring Service. The Audit Analyzer events focus on session modification.

Audit Analyzer Audit Event Log Sample

The following is a sample of an audit event log for Centrify Audit Event ID 3001. This log sample documents a session being deleted. The change was made by user=administrator@acme.vms on April 20, 2016 at 05:51:01.

04/20/2016 05:51:01 PM LogName=Application
 SourceName=Centrify AuditTrail V2 EventCode=3001
 EventType=4 Type=Information ComputerName= 
 member.acme.vms User=NOT_TRANSLATED Sid=S-1- 
 5-21-3883016548-1611565816-1967702834-500 SidType=0
 TaskCategory=%1 OpCode=Info RecordNumber=60622
 Keywords=Classic Message=Product: Centrify Suite Category:
 Audit Analyzer Event name: Delete session Message: 1 out
 of 1 selected sessions are successfully deleted. Apr 20
 17:51:00 member.acme.vms mmc[4064]: INFO
 AUDIT_TRAIL|Centrify Suite|Audit Analyzer|1.0|1|Delete
 session|5|user=administrator@acme.vms
 userSid=S-1-5-21-3883016548-1611565816-1967702834-500
 sessionId=11 CentrifyEventID=3001 DAInst= 
 AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6- 
 d3f53f09bb67 sessions_deleted=1 sessions_selected=1

Audit Analyzer Audit Events

Audit Analyzer Audit Events

Event ID	Description	Parameters
3001	Delete session	Sessions_Deleted: Sessions_deleted Sessions_Selected: Sessions_selected
3002	Delete session by criteria	Delete_criteria: Delete session selection criteria Sessions_Deleted: Sessions_deleted Sessions_Selected: Sessions_selected
3003	Set session reviewers succeeded	Installation: Name of the installation Session Id: Unique identifier of the session Reviewers: List of reviewers of the session
3004	Set session reviewers failed	Installation: Name of the installation Session Id: Unique identifier of the session Reviewers: List of reviewers of the session Reason: Error message
3005	Remove session reviewers succeeded	Installation: Name of the installation Session Id: Unique identifier of the session
3006	Remove session reviewers failed	Installation: Name of the installation Session Id: Unique identifier of the session Reason: Error message
3007	Update session review status succeeded added in release 18.8	Installation: Name of the installation Session Id: Unique identifier of the session Review Status: Name of the review status
3008	Update session review status failed added in release 18.8	Installation: Name of the installation Session Id: Unique identifier of the session Review Status: Name of the review status Reason: Error message
3009	Replay session succeeded Added in release 19.6	Installation: Name of the installation Session Id: Unique identifier of the session User: User of the session Machine: Machine of the session
3010	Replay session failed Added in release 19.6	Installation: Name of the installation Session Id: Unique identifier of the session Reason: Error message
3011	Delete audit trail events succeeded Added in release 19.9	SearchFilter: Search Filter
3012	Delete audit trail events failed Added in release 19.9	SearchFilter: Search Filter Reason: Error Message
3013	Delete session succeeded Added in release 2020.1	Session Id: Unique identifier of the session Username: Name of the user whose session was recorded Machinename: Name of the machine where the session was recorded
3014	Delete session failed Added in release 2020.1	Session Id: Unique identifier of the session Username: Name of the user whose session was recorded Machinename: Name of the machine where the session was recorded Reason: error message