When the auditing capability is enabled, document security enables you to monitor certain types of events. The events that you can see depend on your role:
Can view audited events for their policy-protected documents and for any protected documents that they receive and use.
Policy set coordinators:
Can view audited events, including document and policy events, for documents that are protected by policies from their policy sets.
Can view audited events that are related to all policy-protected documents and users. Administrators can also track other types of events, including user, document, policy, and system events.
Note: Events that are performed on a copy of a policy-protected document are also tracked as events on the original protected document.
(See Event auditing options.)
A failed event is recorded if an unauthorized user attempts to view a document or attempts to log in using an incorrect user name or password.
Note: Failed anonymous access events for documents may be logged if a policy is edited to remove anonymous access. When an authorized recipient attempts to access a document that the edited policy protects, anonymous access is still attempted but will fail.
If a policy allows anonymous user access but the administrator later turns off anonymous access for document security, anonymous access will fail for documents protected with the policy and the event will not be logged.
You can search the events list and view more detailed descriptions about events. The detailed descriptions include information such as the event ID, description, IP address, organization, user affected, date and time the event occurred, denied activities, and offline events (when users attempt to use a document when not connected to document security).
You can search for events on the Events page by using a combination of event search criteria and the dates the events occurred. The events that you can search for depend on your role:
Can view audited events for their policy-protected documents and for any protected documents that they receive and use. These search options are available:
Policy set coordinators:
Can view audited events, including document and policy events, for documents that are protected by policies from their policy sets. These options are available:
Can view audited events that are related to all policy-protected documents and users. Administrators can also track other types. Also, administrators can further subdivide event searches according to the type of user:
Server-initiated events, such as a directory synchronization.
On the document security page, click Events.
In the Find list, select the search criteria you want to use. Depending on your selection in the Find list, a second list is displayed that provides additional search criteria. If applicable, in the text box, type the search criteria.
For more details about the specific event types, see Event auditing options.
In the User list, select the user type who performed the event:
If you select Known User, a second search box is displayed, where you must type the user name or email address of the user.
If you do not know these values, click the Address book search icon to search for the user by either the user name or the email address.
In the Date list, select a date range option. If you select Custom Dates, boxes appear, where you type the date in the format yyyy/mm/dd, or you can use the Date Picker to specify the date range:
Click the calendar to open the Date Picker.
Use the arrows to find a year and month.
Click a day of the month on the calendar.
Click OK to close the Date Picker.
In the Display list, select the number of search results to display per page.
Any failed events are highlighted in the list with a denied icon.
To view details about an event, click the description of the event in the list.
You can sort the events list by column heading to find events more easily. Triangle icons next to the column heading indicate which column is currently used to sort. An upward-pointing triangle indicates ascending order, while a downward-pointing triangle indicates descending order.