Audit log examples

Some MI Audit logging configuration examples are shown below.

An asterisk can be used to specify all events of the same type. For example. the following are equivalent:

value="UserActions:Import:*"

value="UserActions:Import:Excel:Finished, UserActions:Import:Text:Finished"

Sample audit logging configuration entries from MIServer.exe.config:

<add key="AuditLog.Enabled" value="true" />
<add key="AuditLog.Filters.Action.Include" 
  value="UserActions:Import:*,UserActions:Export:*,
  Database:Delete:Object:Record,Authorization:Failure:Read" />
<add key="AuditLog.Filters.Action.Exclude" 
  value="Database:Read,Database:Commit,
  ServiceAction:Server:API,ServiceAction:ServiceLayer:API,
  Instrumentation:GenuineChannels:RemoteMethod" />
<add key="AuditLog.Filters.Database.ObjectType.Include" value="ALL" />
<add key="AuditLog.Filters.Database.ObjectType.Exclude" value="NONE" />

To log only authentication failures, and no other events:

<add key="AuditLog.Filters.Action.Include" value="Authorization:Failure:Read" />

To log only Excel export and import events:

<add key="AuditLog.Filters.Action.Include" value="UserActions:Export:Excel:Success,
                UserActions:Export:Import:Success " />

To log all data import events (Excel imports and text imports), all data export events (Excel exports and material card exports), all Record deletions, and all read access login failures:

<add key="AuditLog.Filters.Action.Include" 
  value="UserActions:Import:*,UserActions:Export:*,Database:Delete:Object:Record,
  Authorization:Failure:Read" />