Logging and Retention
Deployment Availability
Some logging settings are restricted depending on deployment architecture.
Logs providing diagnostic and auditing information are kept by SmartIQ, available to authorized administrators. The logs are categorized based on their type, for example, a system error is different to audit records such as a change of password. How long each category of logs is stored is configured in Retention Settings.
Personally Identifiable Information (PII) and Encryption
Binary and text data containing PII is encrypted before storage.
Retention Settings
Retention settings determine the length of time the logs are kept. This setting can be changed in Manage > Settings > Retention.
Retention setting recommendations and ability to make changes will depend on the type of environment SmartIQ is installed in as many of them are set database wide:
- Private cloud/On premise - these environments and the associated databases are fully controlled by the client.
- Cloud Multi-tenant (Shared database) - these environments support a number of tenants sharing an instance and a cloud shared database.
- Cloud Multi-tenant (Dedicated database) - these environments support a number of tenants sharing an instance but with a cloud database dedicated to the individual tenant.
Database configuration
The same cloud environment can support tenants on shared and dedicated databases at the same. Check with your Customer Service Manager if you are not sure what type of database configuration applies to your environment.
In Private cloud/On premise and Multi-tenant Cloud Instances with a dedicated database, all these settings can be modified as per the screenshot below:
These settings are restricted on Multi-tenant Cloud Instances with a shared database; only "Version History Maximum" can be set on these environments.
The settings page for these instances will appear as below:
Retention defaults
Retention defaults are as per the table below. Values in italics cannot be changed by users on that type of system and will not appear on the Retention page in Manage.
| Setting | Cloud Multi-tenant (Shared database) | Cloud Multi-tenant (Dedicated database) | Private Cloud/On Premise |
|---|---|---|---|
| Version History Maximum | 100 | 100 | 100 |
| Generation Log (Days) | 365 | 365 | 365 |
| Audit Log (Days) | 365 | 365 | 365 |
| Event Log (Days) | 365 | 365 | 365 |
| Workflow (Days) | 365 | 365 | 365 |
| Document Retention (hours) | 24 | 24 | 24 |
Maximum and Minimum Settings
Multi-tenant environments can only retain logs up to 365 days. It is recommended that minimums are not set below 28 days to enable troubleshooting information to be retained. Cloud tenants with requirements for retention below 28 days should discuss their needs with their CSM. After submission, documents are only retained in PRODUCENAME for a maximum of 24 hours. If document storage over 24 hours is required, documents should be sent to a suitable document repository of the tenant's choice eg: Sharepoint, Cloud blob storage, 3rd party database, CMIS based storage etc.
For more information on each setting:
- Version History Maximum
- Generation Logs
- Audit Logs
- Event Logs
- Keep Workflow History and Workflow Logs
- Store Location Data
- Transaction Logs
Retention period changes
If retention periods are reduced, the new value will apply immediately to all existing data. At the next scheduled clean-up, all data that lies outside the new retention values will be removed.
Version History Maximum
Sets the maximum number of revisions to Projects and Content Items to retain, allowing a rollback where necessary.
Project major and minor versions
Each save to a project in Design represents a minor version, whereas a major change is defined as when the project is closed and the designer is prompted for version comments (optional).
Generation Log
Records within the generation log will track progress once a user has opened a new form or workflow state. The record tracks:
- General metadata such as user, date started updated, etc.
- Whether the user exited the form unexpectedly, allowing recovery.
- The latitude and longitude of the user (where configured)
- The current user’s (or culmination of users where a workflow is involved) final response to each question within the form at the time the record was
Project Results depend on what is stored in generation logs. Such data will only be available as long as it is stored in the log. Generation logs can be demanding on storage. Where possible, the default of 365 should be reduced.
Management Console displays information or errors associated with generation logs, such as an error encountered when attempting to run an Action. These logs can be accessed from Manage > Management.
Click View for additional information.
Event Logs
The Event log tracks errors, warnings, and other events useful to system administrators. Records are viewed from Manage > Event Logs by administrators with the "View event log" permission.
Keep Workflow History and Workflow Logs
Granular logs pertaining to each state within a workflow are kept by SmartIQ. Each records tracks the user, create date, updated date, state within the workflow, completeness and, most importantly, the actual responses made during the state. These records allow the tracking of changes throughout a workflow. For example, user1 responded with Apple and user2 changed the response to Banana.
Enabling the keep workflow setting will keep the completed records after the workflow has been completed in full. This can assist with problem solving and activity analysis. Workflow data can be large in volume thus, by default, completed workflow records are removed. When configured to be kept an appropriate workflow logs retention should be considered.
This setting does not affect the retention of workflow history for workflows that have not yet been completed or abandoned. In progress workflow records are kept indefinitely until a workflow completes or is abandoned. The API or Manage can be used to clean up unwanted in progress workflows that have not been otherwise handled by suitable project design.
Store Location Data
When configured, stores IP/location upon user login.
Audit Logs
Audit Logs record administrative activities and accesses within SmartIQ that are security related and can provide evidence for compliance and auditing admin activity. Logs include activities such as: Login/Logout attempts, updates to users, other system entities etc. Each record contains data such as the user and date of the event it is tracking.
Auditing is enabled or disabled from Manage > Settings > General > Enable Auditing.
Audit logs are not available from the Manage interface and require database access to the AuditLog table. Enabling audit logs add large volumes of data and should only be enabled when necessary with an appropriate retention setting.
The following table indicates what actions are logged into the Audit Log.
Event | Manage | Admin API | Produce |
|---|---|---|---|
Account access control - User logged in | ✅ | ✅ | ✅ |
Account access control - User login failed | ✅ | ✅ | ✅ |
Account access control - Temporary User access failed | ✅ | ||
Account access control - User changed password | ✅ | ||
Account access control - User reset password | ✅ | ||
Approvals - Create/Edit Approval | ✅ | ||
Approvals - Delete Approval | ✅ | ||
Approvals - Restore version of approval due to project version restore | ✅ | ||
Categories - Create/Edit Category | ✅ | ||
Categories - Delete Category | ✅ | ||
Content Folders - Create Content Folder | ✅ | ✅ | |
Content Folders - Edit Content Folder | ✅ | ✅ | |
Content Folders - Delete Content Folder | ✅ | ✅ | |
Content Library - Approve Content Item | ✅ | ||
Content Library - Export Item | ✅ | ||
Content Library - Create Category | ✅ | ||
Content Library - Create/Edit Item | ✅ | ✅ | |
Content Library - Delete Item | ✅ | ✅ | |
Content Library - Export Historical Item | ✅ | ||
Content Library - Delete Content Item Folder | ✅ | ||
Content Library - Restore version of Content Item | ✅ | ||
Create User Action - Create/Edit User | ✅ | ||
Custom Fields Create/Edit Custom Field | ✅ | ||
Custom Fields Create/Edit Metadata Custom Field | ✅ | ||
Data Connections - Create/Edit Data Connection | ✅ | ✅ | |
Data Connections - Delete Data Connection | ✅ | ✅ | |
Data Connections - Delete Data Connection folder | ✅ | ||
Data Objects - Delete Data Object | ✅ | ✅ | |
Data Objects - Create/Edit | ✅ | ✅ | |
Data Objects - Access denied to data object schema | ✅ | ||
Data Objects - Create/Edit Custom Data column | ✅ | ||
Data Objects - Delete Custom Data column | ✅ | ||
LDAP Identity Provider - Create/Edit User from LDAP Login | ✅ | ||
LDAP Identity Provider - Create/Edit User from LDAP Sync | ✅ | ||
License - Update License | ✅ | ||
Projects - Edit Project | ✅ | ✅ | |
Projects - Delete Project | ✅ | ✅ | |
Projects - Export Project | ✅ | ✅ | |
Projects - Delete Project Folder | ✅ | ||
Projects - Access denied to project during export | ✅ | ||
Projects - Restore Project version | ✅ | ||
Projects- Import Project | ✅ | ||
Project Submission - Cancel Project Generation | ✅ | ||
Project Sync Pack - Export Sync Pack | ✅ | ||
Project Sync Pack - Begin Import Sync Pack | ✅ | ||
Project Sync Pack - End Import Sync Pack | ✅ | ||
Published Projects - Unpublish Project | ✅ | ||
Published Projects - Publish Project/Edit Project Publish | ✅ | ✅ | |
Publish Folders - Create Folder | ✅ | ||
Publish Folders - Edit Folder | ✅ | ||
Publish Folders - Delete Folder | ✅ | ||
Roles - Create/Edit Role | ✅ | ✅ | |
Roles - Delete Role | ✅ | ✅ | |
SAML Identity Provider - Create/Edit User from SAML Login | ✅ | ||
Scheduled Projects - Pause All | ✅ | ||
Scheduled Projects - Cancel All | ✅ | ||
Scheduled Projects - Resume All | ✅ | ||
Scheduled Projects - Pause Selected | ✅ | ||
Scheduled Projects - Cancel Selected | ✅ | ||
Scheduled Projects - Edit Scheduled Project definition | ✅ | ||
Scheduled Projects - Delete Scheduled Project definition | ✅ | ||
Scheduler - Automatic removal of Data Controller role from user(s) | ✅ | ||
Sequences - Create/Edit Sequence | ✅ | ||
Sequences - Delete Sequence | ✅ | ||
Settings - Update Settings | ✅ | ✅ | |
Settings - Update Connector Settings | ✅ | ✅ | |
Settings - Import Theme | ✅ | ||
Settings - Export Theme | ✅ | ✅ | |
Settings - Access denied to system theme during export | ✅ | ||
User Groups - Create/Edit Group | ✅ | ✅ | |
User Groups - Delete Group | ✅ | ✅ | |
Users Groups - Edit Group Address | ✅ | ||
Users - Create/Edit User | ✅ | ✅ | |
Users - Export Users | ✅ | ||
Users - Edit Roles/Groups | ✅ | ✅ | |
Users - Delete User | ✅ | ✅ | |
Windows AD Identity Provider - User Login | ✅ | ||
Windows AD Identity Provider Create User - Basic Windows Authentication | ✅ | ||
Windows AD Identity Provider - Create/Edit User from Windows Authentication Login | ✅ | ||
Windows AD Identity Provider - Create/Edit User from Windows Authentication Sync | ✅ | ||
Workflow - Terminate Workflow Task | ✅ | ✅ | |
Workflow - Unlock Workflow Task | ✅ | ✅ | |
Workflow - Unlock Concurrent Workflow Task for edit | ✅ | ||
Workflow - Reassign Workflow Task to user | ✅ | ||
Workflow Reassign - Create Temporary User for recovery of task | ✅ | ✅ | |
Workflow Save - Create Temporary User via workflow assignment | ✅ | ||
Client API (all areas) - Action with User Impersonation* | ✅ |
*This applies to the client API: any action with user impersonation enabled
Updated about 1 month ago