Topics | How To
Operations Recorded by Audit Trail
The Audit Trail feature allows you to track the operations of users who have access to the CommCell. This capability is useful if a detrimental operation was performed in the CommCell and the source of that operation needs to be determined.
Audit Trail records are retained for a specific period of time (in days) based on the severity level selected. Outlined below are the default retention timeframes for each severity level:
You can adjust the retention timeframe based on each severity level using the Audit Trail dialog box. After the retention time has expired, the data will be pruned when data aging is run. (See Data Aging for more information.)
See Configure Audit Trail Retention for step-by-step instructions on configuring Audit Trail retention.
Operations performed within the CommCell are grouped into four severity levels. Each level has pre-classified operations associated with it. These levels, as well as examples of operations that fall within them, are described in the following sections.
This level records operations that will result in imminent loss of data. Some examples of operations that fall into this severity level are:
When this severity level is selected for the GUI Audit Trail Report, only Severity Level 1 operations will be included.
This level records operations that may result in loss of data. Some examples of operations that fall into this severity level are:
When this severity level is selected for the GUI Audit Trail Report, Severity Level 1 and 2 operations will be included.
This level records changes to the general configuration of one or more entities. Such changes may produce unintended results when operations are performed. Some examples of operations that fall into this severity level are:
When this severity level is selected for the GUI Audit Trail Report, Severity Level 1, 2, and 3 operations will be included.
This level records changes to status, addition of entities, and other operations that have minimal impact on existing CommCell functions. Some examples of operations that fall into this severity level are:
When this severity level is selected for the GUI Audit Trail Report, operations for all severity levels will be included.
The following table lists the operations that are recorded at each severity level:
Severity Level |
Operation |
Critical | Abort Media in VaultTracker Action |
Critical | Change Client CommServe Host Name |
Critical | Change Client Host Name |
Critical | Change Client Name |
Critical | Change SharePoint Archiver Prune Settings |
Critical | Deconfigure a Storage Node in Library and Drive Config Tool |
Critical | Delete a Client Group |
Critical | Delete a Library |
Critical | Delete a Mount Path |
Critical | Delete Automated Content Classification ERM Connector |
Critical | Delete Backup Set |
Critical | Delete Client from Content Indexing Engine |
Critical | Delete Compliance Director Legal Hold |
Critical | Delete Compliance Director Policy |
Critical | Delete Compliance Director Record Center |
Critical | Delete Compliance Director Search |
Critical | Delete Compliance Director Tag |
Critical | Delete Content Index for Job |
Critical | Delete Content Indexing Engine |
Critical | Delete Content Indexing for Storage Policy |
Critical | Delete Custom Calendar |
Critical | Delete De-duplication for Storage Policy Copy |
Critical | Delete Export Location |
Critical | Delete History of VaultTracker Action |
Critical | Delete Iron Mountain Customer ID |
Critical | Delete Magnetic Media Content |
Critical | Delete Media |
Critical | Delete Media Container |
Critical | Delete Media Contents and Move Media |
Critical | Delete Replication Policy |
Critical | Delete Replication Set |
Critical | Delete Schedule |
Critical | Delete Schedule Policy |
Critical | Delete Snapshot |
Critical | Delete Spare Group |
Critical | Delete Storage Policy |
Critical | Delete Storage Policy Copy |
Critical | Delete User |
Critical | Delete User group |
Critical | Delete VaultTracker Policy |
Critical | Deleted Filer Management |
Critical | Disable Backups for Storage Policy Copy |
Critical | Disallow Copy Jobs in Media |
Critical | Erase Backup Data |
Critical | Export and Delete Media |
Critical | Failed Login |
Critical | Force Deconfigure a client |
Critical | Force Deconfigure a MediaAgent |
Critical | Force Deconfigure an Agent |
Critical | Full Erase Media |
Critical | Full Erase Media in Library |
Critical | Hard Delete Client |
Critical | Hard Delete iDataAgent |
Critical | Job Based Pruning |
Critical | Kill All Jobs |
Critical | Mark Recall Done for Media in VaultTracker Action |
Critical | Move Media between Libraries |
Critical | Oracle RMAN Cross-Check Disabled |
Critical | Oracle RMAN Cross-Check Enabled |
Critical | Quick Erase Media |
Critical | Quick Erase Media in Library |
Critical | Recall Media |
Critical | Remove De-duplication Access Path |
Critical | Revert Snapshot |
Critical | Update Custom Calendar |
Critical | Update Storage Policy Copy Properties |
High | A SCSI2 reservation release was attempted for a drive but failed. |
High | Allow Export |
High | Allow Recopy Data in Media |
High | Allow Recopy Job |
High | Change Network Password |
High | Change Storage Policy Copy Data Path |
High | Change Subclient Content |
High | Create Subclient |
High | Deconfigure Instance |
High | Delete Instance |
High | Delete Replication Pair |
High | Delete Snap Volume Unit |
High | Delete Subclient |
High | Delete Subclient Policy |
High | Delete Workflow |
High | Deleted Schedule Holiday |
High | Disable Schedule Policy |
High | Disallow Content Indexing for Jobs |
High | Do Not Retain Job |
High | Migrate Magnetic Library |
High | Reach Destination for Media in VaultTracker Action |
High | Reassociate Bulk Subclients |
High | Reassociate Individual Subclients |
High | Reassociation Subset of Subclients |
High | Resume Export for Media in VaultTracker Action |
High | Return Media in VaultTracker Action to Source |
High | Rollback History of VaultTracker Action |
High | Suspend Export for Media in VaultTracker Action |
High | Update Activity Control |
High | Update Client Encryption Properties |
High | Update Content Indexing Properties for Storage Policy |
High | Update De-duplication Access Path |
High | Update Instance Properties |
High | Update Library Properties |
High | Update Storage Policy Properties |
High | Update Subclient Properties |
High | Update VaultTracker Policy |
High | User group Enable/Disable |
Medium | Add a De-duplication Access Path |
Medium | Add a Mount Path |
Medium | Add Blind Media |
Medium | Add Custom Calendar |
Medium | Add Media Barcode Pattern |
Medium | Add New Media Container |
Medium | Add Operation Window |
Medium | Add Snap Volume Unit |
Medium | Add Spare Group |
Medium | Add Subclient Policy |
Medium | Add Workflow |
Medium | Allow Content Indexing for Jobs |
Medium | Allow Copy Job |
Medium | Allow Copy Jobs in Media |
Medium | Change Index Cache Retention Days |
Medium | Change Media Barcode Pattern |
Medium | Change SAN Switch |
Medium | Change Storage Policy Copy Precedence |
Medium | Change Storage Policy Properties for Moving Snapshots to Backup Media |
Medium | Change Subclient Post-Command |
Medium | Change Subclient Pre-Command |
Medium | Change the Host for a Storage Node in Library and Drive Config Tool |
Medium | Change Threshold for Drive Maintenance |
Medium | Change Threshold for Library |
Medium | Change Threshold for Media Expiration |
Medium | Changed Filer Management |
Medium | Changed Schedule Holiday |
Medium | Clone Automated Content Classification ERM Connector |
Medium | Clone Compliance Director Legal Hold |
Medium | Clone Compliance Director Policy |
Medium | Clone Compliance Director Record Center |
Medium | Clone Compliance Director Search |
Medium | Clone Compliance Director Tag |
Medium | Clone Storage Policy |
Medium | Clone Subclient Policy |
Medium | Configure a Storage Node in Library and Drive Config Tool |
Medium | Configure the Whole Storage Node in Library and Drive Config Tool |
Medium | Create Automated Content Classification ERM Connector |
Medium | Create Compliance Director Legal Hold |
Medium | Create Compliance Director Policy |
Medium | Create Compliance Director Record Center |
Medium | Create Compliance Director Search |
Medium | Create Compliance Director Tag |
Medium | Create Content Indexing for Storage Policy |
Medium | Create Schedule |
Medium | Create Schedule Policy |
Medium | Create Storage Policy |
Medium | Create Storage Policy Copy |
Medium | Created Filer Management |
Medium | Created Schedule Holiday |
Medium | Delete Media Barcode Pattern |
Medium | Delete Operation Window |
Medium | Description modified |
Medium | Disable Automated Content Classification ERM Connector |
Medium | Disable Compliance Director Legal Hold |
Medium | Disable Compliance Director Policy |
Medium | Disable Compliance Director Record Center |
Medium | Disable Compliance Director Search |
Medium | Disable Compliance Director Tag |
Medium | Disable De-duplication Access Path |
Medium | Disable Schedule |
Medium | Discover Media |
Medium | Drive Cleaned |
Medium | Drive Replaced |
Medium | Enable Automated Content Classification ERM Connector |
Medium | Enable Compliance Director Legal Hold |
Medium | Enable Compliance Director Policy |
Medium | Enable Compliance Director Record Center |
Medium | Enable Compliance Director Search |
Medium | Enable Compliance Director Tag |
Medium | Enable De-duplication Access Path |
Medium | Enable Schedule |
Medium | Enable Schedule Policy |
Medium | Execute QScript |
Medium | Export Media |
Medium | Export Media from Library |
Medium | Export Media from Library through VaultTracker |
Medium | Export Media through VaultTracker |
Medium | Kill Job |
Medium | Mark Media Bad |
Medium | Mark Media from Foreign CommCell Reusable |
Medium | Mark Media Full |
Medium | Mark Media Good |
Medium | Mark Partial Full |
Medium | Mark Volume Full for Storage Policy Copy |
Medium | Media Reuse Allowed |
Medium | Media Reuse Prevented |
Medium | Migrate Media |
Medium | Modify MediaAgent properties |
Medium | Mount Snapshot |
Medium | Move All Media to Spare Group |
Medium | Move Number of Media to Spare Group |
Medium | On Demand Failover for Storage Policy Copy |
Medium | Pick Job for Data Verification |
Medium | Pick Job for Moving Snapshots to Backup Media |
Medium | Pick up Media in VaultTracker Action |
Medium | Prevent Export |
Medium | Rename Snap Volume Unit |
Medium | Rename Spare Group |
Medium | Rename Subclient |
Medium | Rename Subclient Policy |
Medium | Rename Workflow |
Medium | Replace a Storage Node in Library and Drive Config Tool |
Medium | Retain Job |
Medium | Security Name Server Settings |
Medium | Unmount Snapshot |
Medium | Unpick Job for Moving Snapshots to Backup Media |
Medium | Update Automated Content Classification ERM Connector |
Medium | Update Backupset Properties |
Medium | Update Compliance Director Legal Hold |
Medium | Update Compliance Director Policy |
Medium | Update Compliance Director Record Center |
Medium | Update Compliance Director Search |
Medium | Update Compliance Director Tag |
Medium | Update De-duplication Properties |
Medium | Update Export Location |
Medium | Update Iron Mountain Customer ID |
Medium | Update Media Container |
Medium | Update Media Management Configuration Parameter |
Medium | Update Media Properties |
Medium | Update Operation Window |
Medium | Update Schedule |
Medium | Update Schedule Policy |
Medium | Update Snap Volume Unit |
Medium | Update Spare Group Properties |
Medium | Update Subclient Policy |
Medium | Update User |
Medium | Update Workflow |
Medium | User Login |
Medium | User Logout |
Medium | Verify Media |
Low | A SCSI2 reservation was released for a drive, and the reservation release was successful. |
Low | Add Export Location |
Low | Add Iron Mountain Customer ID |
Low | Add Media Container |
Low | Blind Media Full Inventory |
Low | Blind Media Quick Inventory |
Low | Compliance Search |
Low | Dummy Operation - please replace. |
Low | Export Client Pass Phrase |
Low | Full Library Scan |
Low | Mark Drive Fixed |
Low | Mark Media Exported |
Low | Quick Library Scan |
Low | Reset Client Pass Phrase |
Low | Set Container for Media in VaultTracker Action |
The GUI Audit Trail Report provides a list of operations that were performed in the CommCell based on the selected severity level.