Tag: Audit

Audit Trail Documentation

Post author By Bhargav Atturu
Post date September 13, 2022

*** INTERNAL USE ***

Description

This document contains information on the data in the audit trail alongside the plugin IDs

Product

Exacq Server/Plugins

Audit Trail

1;0;0; Discovery
2;2;0; Successful Login
2;0;0; Successful Logout
2;2;-3; Failed Login (bad username/password)
2;2;-2; Failed Login (missing account)
2;2;-1; Failed Login (invalid XML)
2;2;3; AD/LDAP Login Failed
2;2;2; LDAP Unauthorized
2;2;1; LDAP Failure
3;1;0; Various status updates
4;3;0; Config update
5;1;0; Subscribe/Unsubscribe Live (video,audio,point-of-sales)
6;1;0; Search request
8;1;0; PTZ activity
9;3;0; License update
10;*;0; Binary data
11;1;0; Client save or export
12;1;0; Remote Client (VideoPush)

Plugin IDs

See also: ExacqVision IP Plugin IDs

SimplePI	0x00010000
ConsumerPI	0x00020000
ProducerPI	0x00030000
XDVPI	0x00040000
PSFPI	0x00050000
StreamPI	0x00060000
AxisPI	0x00070000
LogPI	0x00080000
ScriptPI	0x00090000
EventPI	0x000a0000
GroupsPI	0x000b0000
NotifyPI	0x000c0000
SerialPI	0x000d0000
POSPI	0x000e0000
ExportPI	0x000f0000
PTZPI	0x00100000
IQeyePI	0x00110000
SonyPI	0x00120000
EvtLogPI	0x00130000
SoundPI	0x00140000
PanasonicPI	0x00150000
ACTiPI	0x00160000
IPCamDetectPI	0x00170000
ArecontPI	0x00180000
VivotekPI	0x00190000
onvifnvcPI	0x001a0000
SoftTriggerPI	0x00200000
ArecontTFTP	0x00210000
ioimagePI	0x00220000
StarDotPI	0x00230000
BoschPI	0x00240000
CanonPI	0x00250000
IpxPI	0x00260000
StretchPI	0x00270000
BaslerPI	0x00280000
GanzPI	0x00290000
RtspPI	0x00300000
SanyoPI	0x00310000
PelcoPI	0x00320000
HttpPI	0x00330000
illustraPI	0x00340000
HikVisionPI	0x00350000
UdpPI	0X00360000
SysMgmtPI	0x00370000
UpdatePI	0x00380000
ArchivePI	0x00390000
Dahua	0x00400000
SamsungPI	0x00410000
GanzPixelProPI	0x00420000
UsbdioPI	0x00430000
NetworkStoragePI	0x00440000
illustraFlexPI	0x00450000
illustra3PI	0x00460000
tDVRpi	0x00470000
videotestpi	0x00480000
DahuaPI	0x00490000
kantechpi	0x004A0000
itv2pi	0x004B0000
DiscoveryPI	0x004C0000
dynacolorpi	0x004D0000
honeywellpi	0x004E0000
bentelpi	0x004F0000
boschsecpi	0x00500000
analyticpi	0x00510000
dmppi	0x00520000
ccurepi	0x00530000
failbackpi	0x00540000
rtspserverpi	0x00550000
tycodlpi	0x00560000
axisbwpi	0x00570000
napcopi	0x00580000
brivopi	0x00590000
illustramultipi	0x005A0000
illustrabwpi	0x005B0000
Core	0x80000000

<br>

Tags Server, Trail, Logs, Internal, Audit, Plugin ID, 12776

Knowledge Support Support Categories Products exacqVision Integrations

Audit Trail Format

Post author By Bhargav Atturu
Post date May 7, 2021

**INTERNAL**

Here are a couple example lines from an audit trail file. Both the audit and logs subdirectories under core are managed virtually identically, with file naming, and with how the oldest files are deleted after a configurable amount of time.

1334844630;11;1;0;10.0.2.2:55650;Admin;””;

1334844649;6;1;0;10.0.2.2:55650;Admin;””;<?xml ?> 1334680687;4;3;0;10.0.2.2:60018;Admin;”Alarm Output 1, Input 1, Input 1x, Input 2, Input 3, Trigger Input 1″;<?xml ?>

ipAddress=”192.168.102.238″ Port=”80″ username=”root” Enabled=”1″

OEM=”Vivotek” />

1334680702;5;1;0;10.0.2.2:60018;Admin;”Input 1x”;<?xml ?>

Field 0 – timestamp in seconds

Field 1 – eDVR packet type

Field 2 – eDVR packet subtype

Field 3 – eDVR packet status (almost always expected to be 0 – the only exception I can think of offhand is invalid login) Field 4 – system IP address:port Field 5 – eV username Field 6 – cached names (if found) Field 7 – XML snippet (if existing)

Packet Types:

0 – PACKET_TYPE_RESERVED

1 – PACKET_TYPE_DISCOVER

2 – PACKET_TYPE_LOGIN

3 – PACKET_TYPE_STATUS

4 – PACKET_TYPE_CONFIG

5 – PACKET_TYPE_LIVE

6 – PACKET_TYPE_STORED

7 – PACKET_TYPE_KEY

8 – PACKET_TYPE_PTZ

9 – PACKET_TYPE_LICENSE

10 – PACKET_TYPE_BINARY

11 – PACKET_TYPE_CLIENT_AUDIT

Packet Subtypes:

1 – Generally means request (client sends to server)

2 – Generally means response (server responds to client)

3 – Config update requests from clients will often be 3

(CONFIG_SUBTYPE_UPDATE_REQ)

4 – Config update asks from servers will often be 4

(CONFIG_SUBTYPE_UPDATE_ACK)

So #1 above with 11/1/0 means PACKET_TYPE_CLIENT_AUDIT request from client, telling the server that it will report whenever it does any client-side actions like export video, print image, etc.

#2 above with 6/1/0 means PACKET_TYPE_STORED request from client, with the accompanying search XML. From that you can see an LDAP query was being attempted from the user config panel, or enterprise users.

#3 above with 4/3/0 means PACKET_TYPE_CONFIG/CONFIG_SUBTYPE_UPDATE_REQ,

with the accompanying config update XML. Form that you can see exactly what the client was trying to update. In this case, field 6 (cached names) actually captures the camera/trigger/etc. names that it recognizes in the XML.

#4 above with 5/1/0 means PACKET_TYPE_LIVE request from client, where it’s trying to subscribe to stream ID 1641472. There actually is a way to figure out the specific plugin from that number, if you need to know that.

Tags Level2, Audit, Audit Trail Format, Trail Format, 5407

Knowledge Support Support exacqVision Client Categories Products

ExacqVision Audit Trail

Post author By Bhargav Atturu
Post date February 9, 2012

The ExacqVision Audit Trail tab allows you to view a log of various actions performed by users on an ExacqVision Server via their client connection.

The Audit Trail tab is found on the System Information page (click the system name in the site tree to view the page).

NOTE: Audit Trail is not available in ExacqVision Start.

Each action logged in the Audit Trail is listed by time, user IP address, username, action type, sources (systems, cameras, and so on), and details. The following describes all the action types logged on the Audit Trail tab and their associated information listed in the Details column. In most cases, you must double-click the entry to view the details of the action in XML format

exacqVision Server Audit Trail Definitions

<br>

Tags Guest, KB-00464-464-210212, 2838, Audit, Audit Trail