Setting Up Audit Logging on Windchill RV&S Server

As administrator, audit logging allows you to capture the results of operations performed on the Windchill RV&S server. Results are categorized as successful or failed for operations ranging from simple (such as creating a new item) to complex (involving multiple sub-operations and triggers).

In the same way that Windchill RV&S keeps a record of all changes to projects and their members during the revision process, audit logging on the Windchill RV&S server provides you with a record of all activity on the system—whether initiated by an administrator, user, integration, or trigger. Audited changes can include changes to the ACLs; however, the Windchill RV&S server does not capture any records of read events or configuration changes that are initiated through the properties files.

Auditing categories are organized into independent hierarchies, with an individual Windchill RV&S server component at the root of each category. These root component categories (workflows and documents, im; configuration management, si; or Windchill RV&S server, is) are independent of one another.

The Windchill RV&S server provides a fine granularity of auditing control, allowing you to activate or deactivate auditing at any level. As a basic rule, more specific categories override general ones. For example, in the default configuration, configuration management operations are not audited (mksis.auditor.si=false), but you can define a more specific category to audit checkout operations (mksis.auditor.si.co=true). The more specific category overrides the global setting and allows auditing only for the specified operation (in this case, checkout operations). In this way, you can specify specific operations that you want to audit.

Depending on the server usage pattern and auditing configuration, significant data can be generated and written to the audit log file. To minimize the size of the audit log, you should only audit critical operations, such as administrative operations.

You can delete and archive specified records from the Windchill RV&S server audit log using the im command. You can also choose to delete or archive records older than a specified date, thereby controlling the size of the audit log table in the database. For more information, see “Purging the Audit Log”.

The si purgeauditlog command also allows you delete or archive records from the audit log. For more information, see the CLI man pages.

By default, auditing of operations in all three components is set to false, that is, operations are not audited.

The default path to the audit log backup directory is:

You can change the default directory by redefining the property for mksis.auditlogbackdir. The target directory must have write permissions.