HomeGuidesRecipesAPI
HomeGuidesAPILog In

Logging and Retention

πŸ“˜

Deployment Availability

Some logging settings are restricted depending on deployment architecture.

Logs providing diagnostic and auditing information are kept by SmartIQ, available to authorized administrators. The logs are categorized based on their type, for example, a system error is different to audit records such as a change of password. How long each category of logs is stored is configured in Retention Settings.

πŸ“˜

Personally Identifiable Information (PII) and Encryption

Documents, files and text data containing PII are all encrypted before storage.

Retention Settings

Retention settings determine the length of time the logs are kept. This setting can be changed in Manage > Settings > Retention.

Retention setting recommendations and ability to make changes will depend on the type of environment SmartIQ is installed in as many of them are set database wide:

  1. Cloud Multi-tenant (Shared database) - These environments support a number of tenants sharing an instance and a cloud shared database.
  2. Cloud Multi-tenant (Dedicated database) - These environments support a number of tenants sharing an instance but with a cloud database dedicated to the individual tenant.

⚠️

Database Configuration

The same cloud environment can support tenants on shared and dedicated databases at the same. Check with your Customer Service Manager if you are not sure what type of database configuration applies to your environment.

These settings are restricted on Multi-tenant Cloud Instances with a shared database. Only "Version History Maximum" can be set on these environments.

The settings page for these instances will appear as below:

Retention Defaults

Retention defaults are as per the table below. Values in italics cannot be changed by users on that type of system and will not appear on the Retention page in Manage.

SettingCloud Multi-tenant (Shared database)Cloud Multi-tenant (Dedicated database)
Version History Maximum100100
Generation Log (Days)365365
Audit Log (Days)365365
Event Log (Days)9090
Workflow (Days)365365
Document Retention (hours)2424

πŸ“˜

Maximum and Minimum Settings

Multi-tenant environments can only retain logs up to 365 days. It is recommended that minimums are not set below 28 days to enable troubleshooting information to be retained. Cloud tenants with requirements for retention below 28 days should discuss their needs with their CSM. After submission, documents are only retained in SmartIQ for a maximum of 24 hours. If document storage over 24 hours is required, documents should be sent to a suitable document repository of the tenant's choice eg: Sharepoint, Cloud blob storage, 3rd party database, CMIS based storage etc.

For more information on each setting:

πŸ“˜

Retention period changes

If retention periods are reduced, the new value will apply immediately to all existing data. At the next scheduled clean-up, all data that lies outside the new retention values will be removed.

Version History Maximum

Sets the maximum number of revisions to Projects and Content Items to retain, allowing a rollback where necessary.

πŸ“˜

Project major and minor versions

Each save to a project in Design represents a minor version, whereas a major change is defined as when the project is closed and the designer is prompted for version comments (optional).

Generation Log

Records within the generation log will track progress once a user has opened a new form or workflow state. The record tracks:

  • General metadata such as user, date started updated, etc.
  • Whether the user exited the form unexpectedly, allowing recovery.
  • The latitude and longitude of the user (where configured)
  • The current user’s (or culmination of users where a workflow is involved) final response to each question within the form at the time the record was

Project Results depend on what is stored in generation logs. Such data will only be available as long as it is stored in the log. Generation logs can be demanding on storage. Where possible, the default of 365 should be reduced.

Management Console displays information or errors associated with generation logs, such as an error encountered when attempting to run an Action. These logs can be accessed from Manage > Management.

Click View for additional information.

Event Logs

The Event log tracks errors, warnings, and other events useful to system administrators. Records are viewed from Manage > Event Logs by administrators with the "View event log" permission.

Keep Workflow History and Workflow Logs

Granular logs pertaining to each state within a workflow are kept by SmartIQ. Each record tracks the user, create date, updated date, state within the workflow, completeness, and most importantly, the actual responses made during the state. These records allow the tracking of changes throughout a workflow. For example, user1 responded with Apple and user2 changed the response to Banana.

Enabling the keep workflow setting will keep the completed records after the workflow has been completed in full. This can assist with problem-solving and activity analysis. Workflow data can be large in volume thus, by default, completed workflow records are removed. When configured to be kept, an appropriate workflow log retention should be considered.

πŸ“˜

It is possible to force the removal from the logs of any form content and links to the user who completed it, on workflow completion using the Keep Form History After Completion flag in the Publish settings on an individual project basis. See Publishing a Project. The basic workflow history (ie: dates and time, state flow etc are preserved until the normal workflow retention cleanup occurs.).

These settings do not affect the retention of workflow history for workflows that have not yet been completed or abandoned. In-progress workflow records are kept indefinitely until a workflow completes or is abandoned. The API or Manage can be used to clean up unwanted in-progress workflows that have not been otherwise handled by suitable project design.

Store Location Data

When configured, stores IP/location upon user login.

Audit Logs

Audit Logs record administrative activities and accesses within SmartIQ that are security related and can provide evidence for compliance and auditing admin activity. Logs include activities such as Login/Logout attempts, updates to users, other system entities, etc. Each record contains data such as the user and the date of the event it is tracking.

Auditing is enabled or disabled from Manage > Settings > General > Enable Auditing.

Audit logs are not available from the Manage interface and require database access to the AuditLog table. Enabling audit logs adds large volumes of data and should only be enabled when necessary with an appropriate retention setting.

The following table indicates what actions are logged into the Audit Log.

EventManageAdmin APIProduce
Account access control - User logged inβœ…βœ…βœ…
Account access control - User login failedβœ…βœ…βœ…
Account access control - Temporary User access failedβœ…
Account access control - User changed passwordβœ…
Account access control - User reset passwordβœ…
Approvals - Create/Edit Approvalβœ…
Approvals - Delete Approvalβœ…
Approvals - Restore version of approval due to project version restoreβœ…
Categories - Create/Edit Categoryβœ…
Categories - Delete Categoryβœ…
Content Folders - Create Content Folderβœ…βœ…
Content Folders - Edit Content Folderβœ…βœ…
Content Folders - Delete Content Folderβœ…βœ…
Content Library - Approve Content Itemβœ…
Content Library - Export Itemβœ…
Content Library - Create Categoryβœ…
Content Library - Create/Edit Itemβœ…βœ…
Content Library - Delete Itemβœ…βœ…
Content Library - Export Historical Itemβœ…
Content Library - Delete Content Item Folderβœ…
Content Library - Restore version of Content Itemβœ…
Create User Action - Create/Edit Userβœ…
Custom Fields Create/Edit Custom Fieldβœ…
Custom Fields Create/Edit Metadata Custom Fieldβœ…
Data Connections - Create/Edit Data Connectionβœ…βœ…
Data Connections - Delete Data Connectionβœ…βœ…
Data Connections - Delete Data Connection folderβœ…
Data Objects - Delete Data Objectβœ…βœ…
Data Objects - Create/Edit
Data Object
βœ…βœ…
Data Objects - Access denied to data object schemaβœ…
Data Objects - Create/Edit Custom Data columnβœ…
Data Objects - Delete Custom Data columnβœ…
LDAP Identity Provider - Create/Edit User from LDAP Loginβœ…
LDAP Identity Provider - Create/Edit User from LDAP Syncβœ…
License - Update Licenseβœ…
Projects - Edit Projectβœ…βœ…
Projects - Delete Projectβœ…βœ…
Projects - Export Projectβœ…βœ…
Projects - Delete Project Folderβœ…
Projects - Access denied to project during exportβœ…
Projects - Restore Project versionβœ…
Projects- Import Projectβœ…
Project Submission - Cancel Project Generationβœ…
Project Sync Pack - Export Sync Packβœ…
Project Sync Pack - Begin Import Sync Packβœ…
Project Sync Pack - End Import Sync Packβœ…
Published Projects - Unpublish Projectβœ…
Published Projects - Publish Project/Edit Project Publishβœ…βœ…
Publish Folders - Create Folderβœ…
Publish Folders - Edit Folderβœ…
Publish Folders - Delete Folderβœ…
Roles - Create/Edit Roleβœ…βœ…
Roles - Delete Roleβœ…βœ…
SAML Identity Provider - Create/Edit User from SAML Loginβœ…
Scheduled Projects - Pause Allβœ…
Scheduled Projects - Cancel Allβœ…
Scheduled Projects - Resume Allβœ…
Scheduled Projects - Pause Selectedβœ…
Scheduled Projects - Cancel Selectedβœ…
Scheduled Projects - Edit Scheduled Project definitionβœ…
Scheduled Projects - Delete Scheduled Project definitionβœ…
Scheduler - Automatic removal of Data Controller role from user(s)βœ…
Sequences - Create/Edit Sequenceβœ…
Sequences - Delete Sequenceβœ…
Settings - Update Settingsβœ…βœ…
Settings - Update Connector Settingsβœ…βœ…
Settings - Import Themeβœ…
Settings - Export Themeβœ…βœ…
Settings - Access denied to system theme during exportβœ…
User Groups - Create/Edit Groupβœ…βœ…
User Groups - Delete Groupβœ…βœ…
Users Groups - Edit Group Addressβœ…
Users - Create/Edit Userβœ…βœ…
Users - Export Usersβœ…
Users - Edit Roles/Groupsβœ…βœ…
Users - Delete Userβœ…βœ…
Windows AD Identity Provider - User Loginβœ…
Windows AD Identity Provider Create User - Basic Windows Authenticationβœ…
Windows AD Identity Provider - Create/Edit User from Windows Authentication Loginβœ…
Windows AD Identity Provider - Create/Edit User from Windows Authentication Syncβœ…
Workflow - Terminate Workflow Taskβœ…βœ…
Workflow - Unlock Workflow Taskβœ…βœ…
Workflow - Unlock Concurrent Workflow Task for editβœ…
Workflow - Reassign Workflow Task to userβœ…
Workflow Reassign - Create Temporary User for recovery of taskβœ…βœ…
Workflow Save - Create Temporary User via workflow assignmentβœ…
Client API (all areas) - Action with User Impersonation*βœ…

*This applies to the client API: any action with user impersonation enabled