An audit trail tracks all actions of a user that has logged on to the system. For example, you can view when a user logged on or off WorkStation, what commands the user made, and if the user changed or removed an object. Not all user actions are logged. For example, the system does not log user interface navigation and workspace switching.
For each user action, the system logs the following information:
User name and domain name
Date and time of the logged action
Path of the object that was changed
Type of action, such as Object created
Old values and new values
The audit trailing log shown in WorkStation is simple a filtered Event view that shows user related events. You can limit the number of events that are shown in the Audit trail log:
Select a time span
Select how many of the most recent events to view.
The system retains a user's historic audit trail even if the user is deleted from the system.
Audit trailing is enabled by default.
Audit trailing is enabled and disabled at the user account group level in the user account group policies. The default setting is that audit trail is enabled.
A user inherits the settings from all user account groups the user is a member of. To activate audit trailing for a user, enable audit trailing for one of the user account groups the user is a member of. To disable audit trail logging for a user, you must disable audit trail logging for all user account groups that the user is a member of.
In addition, you can enable audit trailing as a policy in a user account group.