All actions that have been taken by Site Manager or by users in the console are logged in the 'Event Log', This allows administrators to review activity for auditing, security, or reporting purposes.
Viewing Event Logs
To view the event logs, follow the steps below:
Click 'View Event Logs' under 'Other Tasks' on the main Site Manager interface. The Event Log page will be shown as below:
To sort the event log, click on the column heading you want to sort by (multiple clicks will cycle through ascending, descending, and unsorted) or click the dropdown menu on the right-hand side of a column heading and select the appropriate sort option.
To filter, select any column heading and click 'Filter'. This will display the filter bar below the headings:
To apply a filter, click the edit box under the column to be filtered and select the appropriate option. The filter button to the right of the edit box allows clearing the filter or selecting between different filter types where available.
Event Log Columns
The event log table has columns as follows:
Column Name | Description |
---|---|
Time | The date and time when the event was logged. |
Type | The 'Type' column indicates the severity of the event. The types are:
|
Source | There are a number of different sources for each event. These sources show which part of the system the event originated from and filtering the source may be useful to show related events from the same area. |
Event | The event which has occurred. A full list is available below. |
Computer | If the event is associated with a computer, the NetBIOS name of the computer will be shown here. |
User | If the event was initiated by a user, the user's login name will be shown here. |
Message | This contains the message details for the event. The message can vary depending on whether the event is a success or failure event. For example, a 'Backup End' event may show additional error information for a failed backup over a successful one. |
Event Log Sources
The available Event Log sources are listed below:
Event Log Source Name | Description |
---|---|
System | Events from the server which is running Site Manager such as startup and shutdown events from the Windows service running Site Manager. |
Logon | Events relating to user login/logout of sessions. |
Settings | Changes to any of the items in Site Manager settings. |
Update | Notifications of new Site Manager software versions. |
Licenses | Upgrade, Addition, and removal of Macrium Agent License keys, warnings for problems with client licensing. |
Computers | Additional and removal of managed computers, online/offline status notifications. |
Backup Definitions | Changes to Backup Definitions. |
Schedules | Changes to Schedules. |
Repository | Changes to Repositories. |
Scheduler | Events from the internal scheduling of backups by repositories including backup scheduling, start and end. |
Reflect | Backup and restore events initiated from an individual computer's installation of Macrium Reflect rather than centrally. |
Dashboard | Events triggered from user interaction with the 'Dashboard' page. |
Restore | Events from Site Manager triggered restore operations. |
Agent | Errors and notifications from Agents running on managed computers. |
Backup | Events from Site Manager triggered backup operations. |
Verification | Events from Site Manager triggered verification operations. |
Image File Browser | Events triggered by browsing image files in the 'Repository' page. |
Rescue | Events relating to Rescue Media creation. |
Command Line | Events relating to the Site Manager command line interface. |
Event Log Events
The list of possible events and useful information that may be logged is shown below. Note that if relevant, all events will contain a username and/or computer NetBIOS:
Event Log Event | Description | Data available |
---|---|---|
Startup | The Site Manager service has started up | Site Manager version |
Shutdown | The Site Manager service has been requested to stop | |
User Login | A user has logged in. | Username, IP address |
User Logout | A user has logged out | Username |
Security Settings Changed | The security settings were changed by a user | |
Slack Settings Changed | The Slack settings were changed by a user | |
Notification Settings Changed | The Notification settings were changed by a user | |
Update Available | An update to the Management console is available | New Software Version |
Update Installed | The Site Manager has started with a new version | Old and new software version numbers |
License Key Added | A License Key has been added as a Client Access License | License key and number of seats |
License Key Removed | A License Key has been removed | License key |
Unlicensed Computers | One or more computers cannot be accessed by Site Manager due to licensing issues | Number of affected computers |
Computer Added | A computer has been added to Site Manager | Computer NetBIOS |
Computer Removed | A computer has been removed from Site Manager | Computer NetBIOS |
Agent Remotely Installed | Site Manager has attempted remote installation of an Agent | Computer NetBIOS affected, install success, error messages |
Agent Patched | The automatic Agent patching has pushed a patch to a remote Agent | Computer NetBIOS, patch name |
Repeat Last Backup | The Repeat Last Backup function has been used to trigger a backup | Computer NetBIOS |
Set Passphrase | The Passphrase for a computer has been changed on the server | Computer NetBIOS, passphrase |
Agent Updated | A remote Agent is now running a new version of the Agent software | Old and new versions |
Backup Definition Created | A new Backup Definition was created | Backup Definition name |
Backup Definition Removed | A Backup Definition was removed | Backup Definition name |
Backup Definition Updated | A Backup Definition was edited and updated | Backup Definition name |
Schedule Created | A new Schedule was created | Schedule name |
Schedule Removed | A Schedule was removed | Schedule name |
Schedule Updated | A Schedule was edited and updated | Schedule name |
Repository Created | A new Repository was created | Repository path |
Repository Removed | A Repository was removed | Repository path |
Repository Updated | A Repository was edited and updated | Repository path |
Repository Offline | The server lost contact with a Repository | Repository path |
Scheduled Backup Added | Backups have been scheduled in a Repository | Repository path, Backup Definition name, Schedule name |
Scheduled Backup Removed | Scheduled backups have been removed from a Repository | Repository path, Backup Definition name, Schedule name |
Scheduled Backup Active | A scheduled backup has been set as active on a Repository | Repository path, Backup Definition name, Schedule name |
Scheduled Backup Stopped | A scheduled backup has been stopped on a Repository | Repository path, Backup Definition name, Schedule name |
Scheduled Backup Triggered | Scheduled backups have triggered a backup to start on a managed computer | Computer NetBIOS, Repository path, Backup Definition name, Schedule name |
Backup Started | A backup has started or failed to start on a managed computer | Computer NetBIOS, error information |
Backup Finished | A backup has finished or failed on a managed computer | Computer NetBIOS, error information, log file name |
Restore Started | A restore has started or failed to start on a managed computer | Computer NetBIOS, error information |
Restore Finished | A restore has finished or failed on a managed computer | Computer NetBIOS, error information, log file name |
Clone Started | A clone operation has started or failed to start on a managed computer | Computer NetBIOS, error information |
Clone Finished | A clone operation has finished or failed on a managed computer | Computer NetBIOS, error information, log file name |
Backup Paused | A backup has been paused from the Site Manager interface | Computer NetBIOS |
Backup Cancelled | A backup has been cancelled from the Site Manager interface | Computer NetBIOS |
Session Start | A web session to Site Manager has been started | IP Address |
Session End | A web session to Site Manager has closed. The session will be closed by the server some time after the user has closed their web browser. This can be up to 10 minutes | |
Restore Requested | A restore operation has been requested through Site Manager | Computer NetBIOS, image file name |
Message Response | A request to an Agent has failed. | Computer NetBIOS, message type, error |
Agent Status Changed | A managed computer has changed online status | Computer NetBIOS, Online or offline |
Backup Requested | A backup operation has been requested through Site Manager | Computer NetBIOS |
Verification Started | A backup file verification operation has started | Backup file name and path |
Verification Finished | A backup filed verification operation has finished | Backup file name and path, success, error |
Home Edition Agent Limit Reached | The number of Home Edition standalone licensed clients has exceeded the limit (4). | Number of Home Edition clients, whether excess clients are using MALs |
Email Settings Changed | The Email settings were changed by a user | |
System Settings Changed | The System settings were changed by a user | |
Agent Settings Changed | Agent section of the settings page has been changed | |
Rescue Media Settings Changed | The Rescue Media section of settings was changed by a user | |
Network Settings Changed | The Network section of settings was changed by a user | |
Daily Export Settings Changed | The Daily Data Export section of settings was changed by a user | |
Email Notification | An email notification has been sent or failed to send | Email recipient, authentication type, error |
Agent Passphrase Remote Update | The secure passphrase on a remote agent has been updated. This occurs when advanced agent security is set in settings and an agent has been connected for the first time or the global passphrase has been set on the Site Manager server | Computer NetBIOS |
Remote Management Settings Changed | The Remote Management settings were changed by a user | |
Macrium Agent License Key Upgraded | A MAL has been upgraded. This may occur when a version 6 key is upgraded to version 7 when added to Site Manager. | Old and new keys |
Standalone Reflect License Key Upgraded | A client computer with a standalone Macrium Reflect install has had the Reflect license key upgraded by the Site Manager. This occurs when the user requests an upgrade from a Reflect version 6 to a Reflect version 7 key. | Computer NetBIOS, old and new license keys |
File Downloaded | A file has been downloaded by opening an image file in the Repository browser and downloaded | Image file, Downloaded file |
Remote Synchronization Started | A Repository has started to sync to a remote server | Repository, remote server |
Remote Synchronization Completed | A Repository has completed a sync to a remote server | Repository, remote server, error if appropriate |
Run Now Remote Synchronization Triggered | A user has requested that a manual remote synchronization should be started | Repository, remote server |
Remote Synchronization Reinitialized | A user has reinitialized a remote server so that it can be used as a target for remote synchronization | Repository, remote server |
Remote Synchronization Cancelled | User has cancelled a running remote synchronization through the Site Manager user interface | Repository, remote server |
Configuration Import | A configuration backup has been imported into Site Manager through the settings page Load Configuration option | |
Event Log Cleared | The Event Log was cleared by a user | |
Provider Deleted | A Login Provider has been deleted by a user | Provider name |
Provider Created | A Login Provider has been created by a user | Provider name |
Provider Configured | A Login Provider has been edited by a user | Provider name, success or failure |
Permissions Modified | Login Provider permissions have been changed by a user | Provider name, success or failure |
Agent Migration Start | A migration of an Agent from this Site Manager to another has started | Agent name, destination Site Manager details |
Agent Migration End | A migration of an Agent from this Site Manager to another has completed | Agent name, success or failure |
Server Connection Settings Changed | The network configuration of the Site Manager server connection has been changed | New configuration details |
Agent Manual Upgrade | An Agent has been queued for upgrade by a user | Agent name |
Backup Warning | A non-fatal warning about a backup has been generated | |
Rescue Media Build Started | A Rescue Media build has been started | Rescue Media type |
Rescue Media Build Succeeded | A Rescue Media build has succeeded | Rescue Media type |
Rescue Media Deleted | A Rescue Media image file was deleted | Rescue Media type |
Rescue Media Build Cancelled | A Rescue Media build was cancelled | Rescue Media type |
Purged Logs | Event Logs or Backup Logs have been purged due to age | Number of log entries purged |
Restore Preparation Failed | An error happened while preparing for a remote restore - this can be related to the backup itself or the PE rescue environment | Error |
Cancel Backup Request | A Run Now backup was canceled from the forecast. | Computer, Definition and backup type |
Permissions Granted | A user or group has been granted access to Site Manager | User or group name |
Permissions Revoked | A user or group has had access revoked from Site Manager | User or group name |
Configuration File Load Error | A Site Manager configuration file has failed to load. A copy has been made of the failed file for backup and support purposes | The file that failed to load |
Daily Data Export Settings Changed | The daily export section of the settings page was edited | |
Settings Change Failed | An attempt to save settings by a user has failed | Error |
Disk Space Low | A repository has triggered it's low disk space threshold | Repository, space threshold reached |
MIG Enabled | MIG has been enabled on a repository | Repository, error |
MIG Disabled | MIG has been disabled on a repository | Repository, error |
Backup File Deleted | A file has been deleted from a repository | Repository, file name |
Permissions Updated | Permissions have been updated for a user | User with updated permissions |
Command Line Action Run | An action has been run via the Site Manager command line interface | Action |
Remote Synchronization Deleted | A scheduled remote synchronization has been deleted | Repository, remote server name |
Remote Synchronization Created | A scheduled remote synchronization has been created | Repository, remote server name |
Remote Synchronization Edited | A scheduled remote synchronization has been edited | Repository, remote server name |
Restore Cancelled | A restore has been cancelled from the Site Manager interface | Computer NetBIOS |
Restore Paused | A restore has been paused from the Site Manager interface | Computer NetBIOS |
Clearing the Event Log
To remove any unwanted log entries such as from early testing of a deployment before going live, the event log can be cleared. This will remove all entries. Once the event log has been cleared, a single 'Event Log Cleared' event is logged.
To clear the Event Log, press the 'Clear' button above the top right of the event log table:
Exporting the Event Log
The Event Log can be exported as a CSV file to allow analysis or archiving of the Site Manager Server. To export the Event Log, press the 'Export' button above the top right of the event log table. A CSV will be downloaded which can be imported into other systems:
Automatically Purging the Event Log
The event log can be configured to automatically purge any entries older than a specified number of days. This can be configured in the 'System' section of 'Settings' - see Configuration and Security for details.
Events will be deleted at midnight, with 'Purged Logs' events being created when event logs or backup logs are purged.