5.2.2 View Logs in the User Operation Log Window

In the User operation log window, you can search and browse logs by user. This section describes how to browse logs in the User operation log window.

The procedure is as follows:

Start the Log Viewer and click Display items settings.
The Display items settings window is displayed.
Select Log Viewing Database as the database for browsing operation logs.
Refer to "Change the database to be viewed" for details on operation.
In the menu, click User operation log.
The User operation log window is displayed.

In Select Section, select the search target groups.
In Range of display > Sub-level contained, select whether to display all users or just the users directly under the selected group.
Selecting Root directory searches for all users.
Selecting a group searches for all users in that group.
If a log for a user who is not registered in the user policy has been recorded, the user name retrieved from that log is displayed as a user in the Other users group.

List of searched users displays a list of the users who belong to the selected group.

The following table describes the items that are displayed in List of searched users:

Item name	Description
Group	This is the name of the group to which the user belongs.
User name	This is the user name entered at logon. Clicking a user name displays the log search window for that user.
Applied policy	This is the applied policy. User: User policy is applied. Group: User group policy is applied. Nothing is displayed for users in the Other users group.
Policy not applied	If the settings are configured not to apply a policy, Do not apply is displayed. Nothing is displayed if a policy has been applied and the user is in the Other users group.
Domain name	If the user has been registered in the user policy and was created through linkage with Active Directory, the domain address registered in the Active Directory linkage settings of the Server Settings Tool is displayed. If the user has been registered in the user policy and is in Local group, Local is displayed. If the user is in the Other users group, Local is displayed.
User's name	The value set in the User Policy Settings window of the Management Console is displayed. Nothing is displayed for users in the Other users group.
Employee no.	The value set in the User Policy Settings window of Management Console is displayed. Nothing is displayed for users in the Other users group.
POST	The value set in the User Policy Settings window of Management Console is displayed. Nothing is displayed for users in the Other users group.
Organization	The value set in the User Policy Settings window of Management Console is displayed. Nothing is displayed for users in the Other users group.
Organization code	The value set in the User Policy Settings window of Management Console is displayed. Nothing is displayed for users in the Other users group.
Note	The value set in the User Policy Settings window of Management Console is displayed. Nothing is displayed for users in the Other users group.
Last policy acquisition date and time	This is the date and time at which the latest policy was set. Nothing is displayed for users in the Other users group.
Server (DB) update date and time	This is the final date and time at which the Management Server or Master Management Server updated the client (CT) and smart device (agent) policy and updated it in the database (including immediate update). Nothing is displayed for users in the Other users group.
Registration datetime	This is the date and time at which the user was registered. Nothing is displayed for users in the Other users group.

Point

To change the items displayed in List of searched users, display the Display items settings window by clicking Display items settings, and then change the items in Display settings for list of searched users.
The procedure is the same as that for Display settings for list of searched CTs. Refer to "Set visible columns in [List of searched CT]" for details.

Perform one of the following operations according to the purpose of browsing the user operation logs:
- Browse logs by user
  In List of searched users, click User name of the user whose logs you want to browse.
- Browse the logs of users in the range selected in the group tree
  In List of searched users, click Group search.
The User operation log(Log view) - Log search window is displayed.
You can open and close the Search conditions, Type of log (Multiple choices), and Detailed conditions panes.
Clicking User operation log(Log view) - Log search, Type of log (Multiple choices), or Detailed conditions (the expand icon) opens the search conditions.
Clicking User operation log(Log view) - Log search, Type of log (Multiple choices), or Detailed conditions closes the search condition pane.

Set User operation log(Log view) - Log search.
To set detailed conditions such as the drive type and log collection time, click Detailed conditions.

Item name	Description
Search target	The selected search target is displayed. The user name or group name will be followed by "(User)" or "(Group)".
Search range	Searches a specified time range. If you do not specify the start time and end time of Search range, all search periods may be searched. If you do not specify any start month or date, the search will start from the beginning of the specified year (January 1). If you do not specify any start date, the search will start from the beginning of the specified month (the first day). Start date 2013 9 -: September 1, 2013 is assumed to have been specified. 2013 - -: January 1, 2013 is assumed to have been specified. -Year -Month- Day: Search from the earliest saved log. 2013 - 15: Invalid date - 9 15: Invalid date If you do not specify any end month or date, the search will end at the end of the specified year (December 31). If you do not specify any end date, the search will end at the end of the specified month (the last day). End date 2013 9 -: September 30, 2013 is assumed to have been specified. 2013 - -: December 31, 2013 is assumed to have been specified. -Year - Month _Day: Search up to the last saved log. 2013 - 15: Invalid date - 9 15: Invalid date If you omit the year, you must omit the month and day. If you omit the month, you must omit the day. The date on which you display the User operation log(Log view) - Log search window is displayed as the initial value for both the start date and end date.
Call search conditions	Invokes saved search conditions. The methods for saving or deleting search conditions are as follows: Saving Set a search condition to be saved. You can save conditions that are not included in Search range. After setting conditions, click Save search conditions. The window for saving search conditions is displayed. To save search conditions for the first time, click Save as > Register. Each administrator can save up to 10 search conditions. If 10 search conditions have already been saved, to save another, delete the oldest and register the new search condition. Up to 128 halfwidth and fullwidth characters can be entered as the search condition name. To update a search condition, click Update > Register. Deleting To delete a search condition, select the search condition name and click Delete search conditions.
Keyword	Searches according to log keyword. When specifying multiple keywords, enter a halfwidth or fullwidth space between keywords. If you specify OR condition, the search will be an OR search using more than one of the multiple keywords that you specified. If you specify AND condition, the search will be an AND search using all the multiple keywords that you specified. If you specify multiple keywords, select the OR condition or AND condition. Content enclosed within square brackets [ ] in information that is displayed in the content column and notes column of logs can be set as a keyword. The content that you can set as a keyword depends on the log type. Refer to the content and note under "Displayed content" in "8.2.1 Application Startup Log" to "8.2.22 Configuration Change Log".
Type of log	Searches a selected log type. To specify multiple log types in the search conditions, select Multiple choices. The Type of log (Multiple choices) pane opens directly below. Select the desired log types.
Classification	You can select allowed operations or unallowed operations in the policy settings. To search allowed operations, select Normal. To search unallowed operations, select Violation. Selecting All is equivalent to selecting Normal and Violation.
Device	Searches according to the selected device type. To search only client (CT) logs, select PC. To search only smart device (agent) logs, select Smart device. Selecting All sets PC and Smart device, and all device logs will be searched.

Type of log (Multiple choices)

Item name	Description
Type of log	Select the types of log to be displayed in List of logs. Refer to "Types of log that can be viewed" for details on log types. Select all: Selects all log types. Clear all: Clears all log types. Initial value: All log types are selected.

Item name

Description

Type of log

Select the types of log to be displayed in List of logs. Refer to "Types of log that can be viewed" for details on log types.

Select all: Selects all log types.
Clear all: Clears all log types.
Initial value: All log types are selected.

Detailed conditions

Item name	Description
Drive type	Searches according to drive type. The drive type condition is enabled when you specify any of the following items in Type of log: All File operation File export The following drive types can be specified - specify one or more: Removable: The following media identified by a drive letter: Floppy disk External hard disk (removable hard disk connected via USB, IEEE1394, PCMCIA, etc.) MO USB memory Compact flash memory Remote: Network drive CD/DVD: CD/DVD drive Fixed: PC fixed drive Relationship between searched logs and the settings for Type of log and Drive type If you specify File operation in Type of log, the logs for which Drive type (removable, remote, CD/DVD, fixed) is specified as the following locations A) to J) are displayed as search results: A) When creating: File creation destination B) When updating: Location of the updated file C) When viewing: Location of the viewed file D) When deleting: Location of the deleted file E) When renaming: Location of the file before renaming F) When renaming: Location of the file after renaming G) When copying: Location of the copy source file H) When copying: File copy destination I) When moving: Location of the move source file J) When moving: File move destination If you specify File export in Type of log, the logs for which Drive type (removable, remote, CD/DVD, fixed) is specified as the file export destination are displayed as search results.
Time	Not specified: Time is not included in the search conditions. Specify range: Specifies a log collection time range in search conditions. If you enter "a:00 to b:59", the search will use the time range a:00:00 to b:59:59 as a condition. If you enter "a:00 to -:59", the search will use the time range a:00:00 to 23:59:59 as a condition. If you enter "-:00 to b:59", the search will use the time range 00:00:00 to b:59:59 as a condition. If you enter both a and b, a must be equal to or less than b. If you specify two time ranges, an overlap does not pose any problem. If you specify "-" in the start time, "0" is assumed to have been specified. If you specify "-" in the end time, "23" is assumed to have been specified. The initial value contains "-" in all items (no condition has been set). Specify time: To specify the time at which a log was collected as a search condition, select the desired time. If you select more than one time, the search will be an OR search where at least one of the times selected must match. If you do not select any time, all times are assumed to have been selected. Select all: Selects all check boxes in Specify time. Clear all: Clears all check boxes in Specify time. If you specify Day of the week together with this condition, the search will be an AND search using all conditions.
Day of the week	Select all: Selects all check boxes in Day of the week. Clear all: Clears all check boxes in Day of the week. Day of the week check box: To specify the day of the week on which a log was collected as a search condition, select the desired day of the week. If you select multiple days of the week, the search will be an OR search using at least one day of the week. If you do not select any day of the week, all days of the week are assumed to have been selected. If you specify Time together with this condition, the search will be an AND search using all conditions.

Item name

Description

Drive type

Searches according to drive type.
The drive type condition is enabled when you specify any of the following items in Type of log:

All
File operation
File export

The following drive types can be specified - specify one or more:

Removable: The following media identified by a drive letter:
- Floppy disk
- External hard disk (removable hard disk connected via USB, IEEE1394, PCMCIA, etc.)
- MO
- USB memory
- Compact flash memory
Remote: Network drive
CD/DVD: CD/DVD drive
Fixed: PC fixed drive

Relationship between searched logs and the settings for Type of log and Drive type

If you specify File operation in Type of log, the logs for which Drive type (removable, remote, CD/DVD, fixed) is specified as the following locations A) to J) are displayed as search results:
- A) When creating: File creation destination
- B) When updating: Location of the updated file
- C) When viewing: Location of the viewed file
- D) When deleting: Location of the deleted file
- E) When renaming: Location of the file before renaming
- F) When renaming: Location of the file after renaming
- G) When copying: Location of the copy source file
- H) When copying: File copy destination
- I) When moving: Location of the move source file
- J) When moving: File move destination
If you specify File export in Type of log, the logs for which Drive type (removable, remote, CD/DVD, fixed) is specified as the file export destination are displayed as search results.

Time

Not specified: Time is not included in the search conditions.
Specify range: Specifies a log collection time range in search conditions.
- If you enter "a:00 to b:59", the search will use the time range a:00:00 to b:59:59 as a condition.
- If you enter "a:00 to -:59", the search will use the time range a:00:00 to 23:59:59 as a condition.
- If you enter "-:00 to b:59", the search will use the time range 00:00:00 to b:59:59 as a condition.
If you enter both a and b, a must be equal to or less than b.
If you specify two time ranges, an overlap does not pose any problem.
If you specify "-" in the start time, "0" is assumed to have been specified.
If you specify "-" in the end time, "23" is assumed to have been specified.
The initial value contains "-" in all items (no condition has been set).
Specify time: To specify the time at which a log was collected as a search condition, select the desired time. If you select more than one time, the search will be an OR search where at least one of the times selected must match. If you do not select any time, all times are assumed to have been selected.
Select all: Selects all check boxes in Specify time.
Clear all: Clears all check boxes in Specify time.

If you specify Day of the week together with this condition, the search will be an AND search using all conditions.

Day of the week

Select all: Selects all check boxes in Day of the week.

Clear all: Clears all check boxes in Day of the week.

Day of the week check box: To specify the day of the week on which a log was collected as a search condition, select the desired day of the week. If you select multiple days of the week, the search will be an OR search using at least one day of the week. If you do not select any day of the week, all days of the week are assumed to have been selected.

If you specify Time together with this condition, the search will be an AND search using all conditions.

Click Search.
Note
If you specify a large number of users or a long search period in the search conditions, the following message may be displayed:
```
[LWSV-SEL003] A search may not be possible due to the large amount of data targeted for search. Continue processing?
```
If the conditions do not need to be reviewed, continue processing.
If the search takes a long time, a timeout may occur. Alternatively, if there is a large number of search results, the search may be canceled and one of the following messages may be displayed:
```
[LVSY-ERR015] Processing will be canceled because the number of log items will exceed %d. Review the conditions.
```
```
[LWSV-ERR011] Processing will be canceled because the number of log data items (%d) was exceeded. Review the conditions.
```
In this case, refine the search conditions before performing the search again.
Examples of refining search conditions:
- Reducing the search time
- Reducing the number of users set as the search target
- Setting a search keyword
The search results are displayed in List of logs.
The search results data that is displayed in List of logs is arranged in ascending user name order and ascending date and time.
To view logs by client (CT), click Name to sort them.
You can view a list of logs of a particular user by clicking Select user and selecting the user. Alternatively, you can view a list of logs of all users.
The content that is displayed in List of logs and the procedure for operating it are the same as those for List of logs in the CT Operating Log window. Refer to "5.2.1 View Logs in the CT Operation Log Window" for details.