Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space MSMBASE and version 8.0

All actions which that have been taken by Site Manager or by users in the console are logged in the 'Event Log', This allows administrators to review activity for auditing, security, or reporting purposes.

Viewing Event Logs

...

Click 'View Event Logs' under 'Other Tasks' on the main Site Manager interface. The Event Log page will be shown as below:

Image RemovedImage Added

To sort the event log, click on the column heading you want to sort by (multiple clicks will cycle through ascending, descending, and unsorted) or click the dropdown menu on the right-hand side of a column heading and select the appropriate sort option.

Image RemovedImage Added

To filter, select any column heading and click click 'Filter'. This will display the filter bar below the headings:

Image RemovedImage Added

To apply a filter, click the edit box under the column to be filtered and select the appropriate option. The filter button to the right of the edit box allows clearing the filter or selecting between different filter types where available.

Event Log Columns

The Event Log event log table has columns as follows:

Column NameDescription
TimeThe date and time when the event was logged.
Type

The 'Type' column indicates the severity of the event. The types are:

    • Info - A normal event in the operation of the Management Console
    • Warning - Something unusual which that may indicate a problem or unusual operation
    • Error - A failure of some sort which may require investigation
SourceThere are a number of different sources for each event. These sources show which part of the system the event originated from and filtering on the source may be useful to show related events from the same area.
EventThe event which has occurred. A full list is available below.
ComputerIf the event is associated with a computer, the NetBIOS name of the computer will be shown here.
User

If the event was initiated by a user, the user's login name will be shown here.

MessageThis contains the message detail details for the event. The message can vary depending on whether the event is a success or failure event. For example, a 'Backup End' event may show additional error information for a failed backup over a successful one.

...

Event Log Source NameDescription
SystemEvents from the server which is running Site Manager such as startup and shutdown events from the Windows service running Site Manager.
LogonEvents relating to user login/logout of sessions.
SettingsChanges to any of the items in Site Manager settings.
UpdateNotifications of new Site Manager software versions.
LicensesUpgrade, Addition, and removal of Macrium Agent License keys, warnings for problems with client licensing.
ComputersAdditional and removal of managed computers, online/offline status notifications.
Backup DefinitionsChanges to Backup Definitions.
SchedulesChanges to Schedules.
RepositoryChanges to Repositories.
SchedulerEvents from the internal scheduling of backups by repositories including backup scheduling, start and end.
ReflectBackup and restore events initiated from an individual computer's installation of Macrium Reflect rather than centrally.
DashboardEvents triggered from user interaction with the 'Dashboard' page.
RestoreEvents from Site Manager triggered restore operations.
AgentErrors and notifications from Agents running on managed computers.
BackupEvents from Site Manager triggered backup operations.
VerificationEvents from Site Manager triggered verification operations.
Image File BrowserEvents triggered by browsing image files in the repository 'Repository' page.
RescueEvents relating to Rescue Media generationcreation.
Command LineEvents relating to the Site Manager command line interface.

Event Log Events

The list of possible events and useful information that may be logged us is shown below. Note that if relevant, all events will contain a username and/or computer NetBIOS:

Event Log EventDescriptionData available
StartupThe Site Manager service has started upSite Manager version
ShutdownThe Site Manager service has been requested to stop
User LoginA user has logged in.Username, IP address
User LogoutA user has logged outUsername
Security Settings ChangedThe security settings were changed by a user
Slack Settings ChangedThe Slack settings were changed by a user
Notification Settings ChangedThe Notification settings were changed by a user
Update AvailableAn update to the Management console is availableNew Software Version
Update InstalledThe Site Manager has started with a new versionOld and new software version numbers
License Key AddedA License Key has been added as a Client Access LicenseLicense key and number of seats
License Key RemovedA License Key has been removedLicense key
Unlicensed ComputersOne or more computers cannot be accessed by Site Manager due to licensing issuesNumber of affected computers
Computer AddedA computer has been added to Site ManagerComputer NetBIOS
Computer RemovedA computer has been removed from Site ManagerComputer NetBIOS
Agent Remotely InstalledSite Manager has attempted remote installation of an AgentComputer NetBIOS affected, install success, error messages
Agent PatchedThe automatic Agent patching has pushed a patch to a remote AgentComputer NetBIOS, patch name
Repeat Last BackupThe Repeat Last Backup function has been used to trigger a backupComputer NetBIOS
Set PassphraseThe Passphrase for a computer has been changed on the serverComputer NetBIOS, passphrase
Agent UpdatedA remote Agent is now running a new version of the Agent softwareOld and new versions
Backup Definition CreatedA new Backup Definition was createdBackup Definition name
Backup Definition RemovedA Backup Definition was removedBackup Definition name
Backup Definition UpdatedA Backup Definition was edited and updatedBackup Definition name
Schedule CreatedA new Schedule was createdSchedule name
Schedule RemovedA Schedule was removedSchedule name
Schedule UpdatedA Schedule was edited and updatedSchedule name
Repository CreatedA new Repository was createdRepository path
Repository RemovedA Repository was removedRepository path
Repository UpdatedA Repository was edited and updatedRepository path
Repository OfflineThe server lost contact with a RepositoryRepository path
Scheduled Backup AddedBackups have been scheduled in a RepositoryRepository path, Backup Definition name, Schedule name
Scheduled Backup RemovedScheduled backups have been removed from a RepositoryRepository path, Backup Definition name, Schedule name
Scheduled Backup ActiveA scheduled backup has been set as active on a RepositoryRepository path, Backup Definition name, Schedule name
Scheduled Backup StoppedA scheduled backup has been stopped on a RepositoryRepository path, Backup Definition name, Schedule name
Scheduled Backup TriggeredScheduled backups have triggered a backup to start on a managed computerComputer NetBIOS, Repository path, Backup Definition name, Schedule name
Backup StartedA backup has started or failed to start on a managed computerComputer NetBIOS, error information
Backup FinishedA backup has finished or failed on a managed computer Computer NetBIOS, error information, log file name
Restore StartedA restore has started or failed to start on a managed computer Computer NetBIOS, error information
Restore FinishedA restore has finished or failed on a managed computer Computer NetBIOS, error information, log file name
Clone StartedA clone operation has started or failed to start on a managed computer Computer NetBIOS, error information
Clone FinishedA clone operation has finished or failed on a managed computer Computer NetBIOS, error information, log file name
Backup PausedA backup has been paused from the Site Manager interfaceComputer NetBIOS
Backup CancelledA backup has been cancelled from the Site Manager interfaceComputer NetBIOS
Session StartA web session to Site Manager has been startedIP Address
Session End

A web session to Site Manager has closed.

Info

The session will be closed by the server some time after the user has closed their web browser. This can be up to 10 minutes



Restore RequestedA restore operation has been requested through Site ManagerComputer NetBIOS, image file name
Message ResponseA request to an Agent has failed.Computer NetBIOS, message type, error
Agent Status ChangedA managed computer has changed online statusComputer NetBIOS, Online or offline
Backup RequestedA backup operation has been requested through Site ManagerComputer NetBIOS
Verification StartedA backup file verification operation has startedBackup file name and path
Verification FinishedA backup filed verification operation has finishedBackup file name and path, success, error
Home Edition Agent Limit ReachedThe number of Home Edition standalone licensed clients has exceeded the limit (4).Number of Home Edition clients, whether excess clients are using MALs
Email Settings ChangedThe Email settings were changed by a user
System Settings ChangedThe System settings were changed by a user
Agent Settings ChangedAgent section of the settings page has been changed
Rescue Media Settings ChangedThe Rescue Media section of settings was changed by a user
Network Settings ChangedThe Network section of settings was changed by a user
Daily Export Settings ChangedThe Daily Data Export section of settings was changed by a user
Email NotificationAn email notification has been sent or failed to sendEmail recipient, authentication type, error
Agent Passphrase Remote UpdateThe secure passphrase on a remote agent has been updated. This occurs when advanced agent security is set in settings and an agent has been connected for the first time or the global passphrase has been set on the Site Manager serverComputer NetBIOS
Remote Management Settings ChangedThe Remote Management settings were changed by a user
Macrium Agent License Key UpgradedA MAL has been upgraded. This may occur when a version 6 key is upgraded to version 7 when added to Site Manager.Old and new keys
Standalone Reflect License Key UpgradedA client computer with a standalone Macrium Reflect install has had the Reflect license key upgraded by the Site Manager. This occurs when the user requests an upgrade from a Reflect version 6 to a Reflect version 7 key.Computer NetBIOS, old and new license keys
File DownloadedA file has been downloaded by opening an image file in the Repository browser and downloadedImage file, Downloaded file
Remote Synchronization StartedA Repository has started to sync to a remote serverRepository, remote server
Remote Synchronization CompletedA Repository has completed a sync to a remote serverRepository, remote server, error if appropriate
Run Now Remote Synchronization TriggeredA user has requested that a manual remote synchronization should be startedRepository, remote server
Remote Synchronization ReinitializedA user has reinitialized a remote server so that it can be used as a target for remote synchronizationRepository, remote server
Remote Synchronization CancelledUser has cancelled a running remote synchronization through the Site Manager user interfaceRepository, remote server
Configuration ImportA configuration backup has been imported into Site Manager through the settings page Load Configuration option
Event Log ClearedThe Event Log was cleared by a user
Provider DeletedA Login Provider has been deleted by a userProvider name
Provider CreatedA Login Provider has been created by a userProvider name
Provider ConfiguredA Login Provider has been edited by a userProvider name, success or failure
Permissions ModifiedLogin Provider permissions have been changed by a userProvider name, success or failure
Agent Migration StartA migration of an Agent from this Site Manager to another has startedAgent name, destination Site Manager details
Agent Migration EndA migration of an Agent from this Site Manager to another has completedAgent name, success or failure
Server Connection Settings ChangedThe network configuration of the Site Manager server connection has been changedNew configuration details
Agent Manual UpgradeAn Agent has been queued for upgrade by a userAgent name
Backup WarningA non-fatal warning about a backup has been generated
Rescue Media Build StartedA Rescue Media build has been startedRescue Media type
Rescue Media Build SucceededA Rescue Media build has succeededRescue Media type
Rescue Media DeletedA Rescue Media image file was deletedRescue Media type
Rescue Media Build CancelledA Rescue Media build was cancelledRescue Media type
Purged LogsEvent Logs or Backup Logs have been purged due to ageNumber of log entries purged
Restore Preparation FailedAn error happened while preparing for a remote restore - this can be related to the backup itself or the PE rescue environmentError 
Cancel Backup RequestA Run Now backup was cancelled canceled from the forecast. Computer, Definition and backup type
Permissions GrantedA user or group has been granted access to Site ManagerUser or group name
Permissions RevokedA user or group has had access revoked from Site ManagerUser or group name
Configuration File Load ErrorA Site Manager configuration file has failed to load. A copy has been made of the failed file for backup and support purposesThe file that failed to load
Daily Data Export Settings ChangedThe daily export section of the settings page was edited
Settings Change FailedAn attempt to save settings by a user has failedError

Disk Space Low

A repository has triggered it's low disk space thresholdRepository, space threshold reached
MIG EnabledMIG has been enabled on a repositoryRepository, error
MIG DisabledMIG has been disabled on a repositoryRepository, error

Backup File Deleted

A file has been deleted from a repositoryRepository, file name

Permissions Updated

Permissions have been updated for a userUser with updated permissions
Command Line Action RunAn action has been run via the Site Manager command line interfaceAction
Remote Synchronization DeletedA scheduled remote synchronization has been deletedRepository, remote server name
Remote Synchronization CreatedA scheduled remote synchronization has been createdRepository, remote server name
Remote Synchronization EditedA scheduled remote synchronization has been editedRepository, remote server name
Restore CancelledA restore has been cancelled from the Site Manager interfaceComputer NetBIOS
Restore PausedA restore has been paused from the Site Manager interfaceComputer NetBIOS

...

To remove any unwanted log entries such as from early testing of a deployment before going live, the Event Log event log can be cleared. This will remove all entries. Once the Event Log event log has been cleared, a single single 'Event Log Cleared' event is logged.

To clear the Event Log, press the the 'Clear' button above the top right of the Event Log event log table:

Image RemovedImage Added

Exporting the Event Log

The Event Log can be exported as a CSV file to allow analysis or archiving off of the Site Manager Server. To export the Event Log, press the Export 'Export' button above the top right of the Event Log event log table. A CSV will be downloaded which can be imported into other systems:

Image RemovedImage Added

Automatically Purging the Event Log

The Event Log event log can be configured to automatically purge any entries older than a specified number of days. This can be configured in the the 'System' section of of 'Settings' - see Configuration and Security for details.

Events will be deleted at midnight, with with 'Purged Logs' events being created when Event Logs or Backup Logs event logs or backup logs are purged.