|Resolution||The audit logging will capture the event of a recalculation that is triggered in the Application Builder.|
The syslog server needs to be queried for the event data. The process to query the syslog server will vary depending on what capabilities/features/software is being used on the syslog server.
Below is an example of the audit logging message that gets sent to the configured Audit Logging (syslog) server when any user clicks the recalculate button from the application builder:
vendor:RSA, product:Archer, version:1.0, ArcherVersion:6.6.00400.1038,
ArcherInstance:archer,LogSourceIdentifier:192.168.4.100:0,eventtime:9/1/2020 8:42:15 PM,
eventid:14, ArcherLog:" UserId:2 UserName:"Administrator, System"
LogDate:9/1/2020 8:42:15 PM
InputParameter:levelId<System.Int32>:<ROOT><V a="37" />
</ROOT> OutputValues:void Success:True "
- The eventtime highlighted above indicates the date and time the action was triggered by the user.
- The "MethodName:ModuleManager.RecalculateLevel" highlighted above is the key event that indicates a level recalculation has been triggered by a user from the Application Builder.
- The UserName: "Administrator, System" highlighted above indicates the user that triggered the level recalculation.
- The 37 highlighted above indicates the level ID that was triggered for recalculation. This levelID is associated with an application/module. The LevelID is also in the payload (XML) of the Archer level recalculation job.