|
<< Click to Display Table of Contents >> System Access Report |
  
|
|
<< Click to Display Table of Contents >> System Access Report |
|
The System Access Report is used to track attempts made to access Thrive. This report will display the success and failures of logins accessing the system.
Select Web Client > Report Dashboard > System Access Report
System Access Report Parameters
•Facility: Select the desired facility to view audit information.
•Date Range: Enter the desired date range to view audit information. When the date is entered as MMDDYY, the system will automatically change it to MMDDCCYY format.
•Logname: Enter the desired login to view audit information. Leave this field blank to view all logins.
•Department: Enter the desired department to view audit information. Leave this field blank to view all departments.
•IP Address: Enter the desired IP Address to view audit information. Leave this field blank to view all IP addresses.
•Event: Enter a specific Access Event to view on the audit.
•Include Facility Changes: Select this option to include any facility changes on the audit.
•Include Department Changes: Select this option to include any department changes on the audit.
•Include Cover Sheet: Select this option to have a cover sheet pull with the Date and Time the report was run, User, Facility, Date Range of report, User Name and Section.
•Safe Mode: Select this option if the report would not build due to bad data being in a field. If the report has bad data, a message will appear stating to run report using the Safe Mode. If selected, Safe Mode will replace all of the bad characters with a ?. This will allow the intended report to generate. The bad data may then be seen and can be corrected from the account level.
•Output Format: Use the drop-down box to select one of the following report Format options:
▪HTML
▪XML
▪CSV
▪MAPLIST
▪TXT
•Page Orientation: Use the drop-down box to select either Landscape or Portrait as the page orientation. The default is Landscape orientation.
System Access Report
•Session ID: A unique identifier assigned to each user at the time of login and remains with the user until he/she logs out. The purpose of the Session ID is to make it easier to trace through an auditing scenario.
•Login: Pulls the login of the employee.
•Event Date: Pulls the date an event occurred.
•Event Time: Pulls the hour, minute and seconds the event occurred.
•Event: Pulls Success if the login successfully logged in to the system. Will pull Failure if the login was unsuccessful logging in to the system.
•IP Address: Pulls the IP Address from where the event occurred.
•MAC Address: Pulls the MAC Address of the device from which the event occurred.
•Internal: Pulls a Y if the login event occurred internally. An N will pull if the login event occurred externally.
•OTP: Pulls a Y if the login event used multi-factor authentication. An N will pull if the login event did not use multi-factor authentication.
•Access Event: The information that pulls to this column will depend on if the event was a Success or a Failure.
▪If the event was a success, one of the following Access Events will pull:
oLogin: The employee logged in to the system.
oLogout: The employee logged out of the system.
oFacility Change: The employee changed facilities followed by the facility that was logged in to and the device's TTY number.
oDepartment Change: The employee changed departments followed by the department number that the employee changed to and the device's TTY number.
oAccess Attempt from non-FIPS Compliant Device: The employee was able to successfully login, but it was done from a non-FIPS compliant device.
▪If the event was a failure, one of the following Access Events will pull:
oLogin Unknown to System: Attempt was made to login to the system with an invalid login.
oKnown Login - Authentication Failure: Attempt to login with a known login was made, but an incorrect password was used.
oKnown Login - Login Disabled: Attempt to login with a known login was made, but the login has been disabled.
oKnown Login - Password Locked: Attempt to login with a known login was made, but the login has been locked due to the amount of failed login attempts being exceeded.
oReset Password by 'login': The user's password has been reset in System Administration. The login displaying in the Access Event message is the login of the user that reset the password.
NOTE: To get a listing of logins with a Facility Change or a Department Change, make sure to select the "Include Facility Changes" and "Include Department Changes" prompts when running the report.