Querying System Event Logs

Procedure

  1. Go to Logs → Query.
  2. Next to Type, select System events.
    The query screen for system event logs appears.
  3. In the second drop-down box next to Type, select one of the following:
    • All events: Displays the timestamp and descriptions for all system events.
    • Updates: Displays the timestamp of all scan engine and pattern file updates from the ActiveUpdate server to the IMSS admin database.
    • Service status: Displays the timestamp and descriptions when the scanner service is started or stopped.
    • Audit log: Displays the timestamp and descriptions for operations performed by specified administrator accounts.
      Note
      As an enhanced log category of system events, Audit log replaces Admin activity on the IMSS management console. Audit logs record various administrator operations and provide a way to query activities of specified administrator accounts.
    • Errors: Displays the timestamp and descriptions for all errors that IMSS encountered.
  4. In the third drop-down box next to Type, select the server to view.
  5. Next to Dates, select a date and time range.
  6. If you select Audit log, next to Admin accounts, specify the administrator accounts whose configuration changes you want to search for.
    Note
    Use semicolons to separate multiple administrator accounts.
  7. Next to Description keywords, specify any keywords to search for.
  8. Click Display Log.
    A timestamp, host name, and description appear for each event. If you select Audit log, administrator information also appears for each event.
  9. Perform any of the following additional actions:
    • To change the number of items that appear in the list at a time, select a new display value from the drop-down box at the top of the table.
    • To sort the table, click the column title.
    • To print the query results, click Print current page.
    • To save the query result to a comma-separated value file, click Export to CSV.