Appendix E: Audit log records

The following details are logged for all events:

  • 'Date' and time of the event

  • 'User-id' that is requesting/causing the event; if this is not applicable, a '0' may be logged instead.

  • 'Container session ID' - useful for tracking multiple activities done on the same user session and for further cross-matching with system logs.

  • An 'action' and zero or more parameters, as detailed below.

The audit table should be secured as needed by the system administrator by revoking the DELETE grants from it by the QueueMetrics database users.

Action class: User lifecycle (10XX)

Action: user logon - successful

  • 'Action-id': 1001

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The login that was actually entered by the user, if different from current login. This may differ e.g. if a user logs on with their e-mail, or if a LDAP/JSON driver rewrites the source log-in to a QM login.

Action: user logoff

  • 'Action-id': 1002

  • 'Text1': The full login, as a string, of the user logging off

  • 'Text2': The IP address (dotted quad) of the user’s workstation

This event tracks only manual logoffs. Other causes of disconnection (e.g.. the user closes his browser, session timeouts, etc) are not tracked. Therefore you cannot count on having a logoff event for each logon event.

Action: user logon - unsuccessful

  • 'Action-id': 1003

  • 'Text1': The full login, as a string, of the user that tried to log on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The error message displayed

Action: password change

  • 'Action-id': 1004

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

A password change that you find logged may either have been initiated by a user on their own, or might have been forced by the administrator through a special link - see section Password reset.

SSO: OAuth consent granted

  • 'Action-id': 1005

  • 'Text1': The email of OAuth user

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

This record is usually followed by a proper Login record.

SSO: OAuth consent failed

  • 'Action-id': 1006

  • 'Text1': The full text of the error (if available)

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

SSO: OAuth profile failed

  • 'Action-id': 1007

  • 'Text1': The full text of the error (if available)

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

SSO: User locked

  • 'Action-id': 1008

  • 'Text1': The email of OAuth user

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

Current user appears to be locked, so no login is possible.

SSO: User not enabled

  • 'Action-id': 1009

  • 'Text1': The email of OAuth user

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

Current user does not have a token matching the returned SSO profile.

SSO: New user created

  • 'Action-id': 1010

  • 'Text1': The email of OAuth user

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The SSO driver providing authentication

  • 'Text3': The remote ID on the SSO system, to be used for enabling the user.

Action class: Key management (11XX)

Action: key changed

  • 'Action-id': 1101

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The new key that was installed

Action: key accessed via XML-RPC

  • 'Action-id': 1102

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The key that was passed (it may be blank if it was just a query)

Action: AGAW key changed

  • 'Action-id': 1103

  • 'Text1': The full login, as a string, of the user logged on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The new key that was installed

Action: AGAW key accessed via XML-RPC

  • 'Action-id': 1104

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The key that was passed (it may be blank if it was just a query)

Action: AGAW restarted

This action is logged only when the AGAW runner is restarted from the web GUI.

  • 'Action-id': 1105

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

Action class: QueueLog editing (20XX)

Action: QueueLog edited

  • 'Action-id': 2001

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The new statement

  • 'Text4': The SQL rollback statement.

This event is triggered by a change to the queue_log made by the Payroll module. A rollback SQL statement is supplied in case it is needed to revert the changes.

Action class: QA editing (21XX)

Action: QA form deleted

  • 'Action-id': 2101

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': The rollback SQL statement

Action: Deletion of a comment

  • 'Action-id': 2102

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': Which comment was deleted

Action: Deletion of all comments

  • 'Action-id': 2103

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': Which call was involved

Action class: Recordings (22XX)

Action: Media tag removed

  • 'Action-id': 2201

  • 'Text1': The tag id

Action: Media tag added

  • 'Action-id': 2202

  • 'Text1': Tag ID and call ID

Action: MediaProxy - Media played

  • 'Action-id': 2203

  • 'Text1': The URL played

  • 'Text2': How many bytes were transferred and how long it took. Note that even if the file was trasferred in its entirety, we do not know whether it was listened to or not.

Action: MediaProxy - Media failed

  • 'Action-id': 2204

  • 'Text1': HTTP error code, request duration and URL

  • 'Text2': The recording’s randomId

Action: MediaProxy - Media denied

  • 'Action-id': 2205

  • 'Text1': Reason for denial

  • 'Text2': The recording’s randomId

Action class: Realtime agent management (23XX)

See also: Platform actions.

Action: Realtime Agent Logon

  • 'Action-id': 2301

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX

Action: Realtime Agent Logoff

  • 'Action-id': 2302

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX

Action: Realtime Agent Pause

  • 'Action-id': 2303

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX

Action: Realtime Agent Unpause

  • 'Action-id': 2304

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX

Action: Realtime Agent SMS

  • 'Action-id': 2305

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX

Action class: Realtime call management (24XX)

Action: Call soft hangup

  • 'Action-id': 2401

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX UniqueID: XXXXXXXXXX

Action: Call transfer

  • 'Action-id': 2402

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': AgentCode: XXX AgentExtension: XXX UniqueID: XXXXXXXXXX

Action: Call closure

  • 'Action-id': 2403

  • 'Text1': The full login, as a string, of the user logging on

  • 'Text2': The IP address (dotted quad) of the user’s workstation

  • 'Text3': UniqueID: XXXXXXXXXX

Action class: Engine audits (25XX)

For all engine audits, there is a "description" field that details:

  • The type of report requested: Historical report or Real-time page. JSON webservices run either of these.

  • A description of the filtering parameters in JSON format.

Action: Too many rows scanned

  • 'Action-id': 2501

  • 'Text1': The number of queue_log rows scanned

  • 'Text2': A description of the report (see above)

Action: Report taking too long

  • 'Action-id': 2502

  • 'Text1': The actual duration of computing this report

  • 'Text2': A description of the report (see above)

Action: License error

  • 'Action-id': 2503

  • 'Text1': The number of agents you’d need to run tshis report

  • 'Text2': A description of the report (see above)

Action: Out of memory error

  • 'Action-id': 2504

  • 'Text1': Blank

  • 'Text2': A description of the report (see above)

Action: Exceeded maximum reporting period

  • 'Action-id': 2509

  • 'Text1': Requested duration, in days

  • 'Text2': Maximum possible duration, in days

See Maximum reporting period for further details.

Action: Report created

  • 'Action-id': 2505

  • 'Text1': Id report

  • 'Text2': Name

Action: Report processed

  • 'Action-id': 2506

  • 'Text1': Id report

  • 'Text2': Name

Action: Report Saved

  • 'Action-id': 2507

  • 'Text1': Id report

  • 'Text2': Name

Action: Report Deleted

  • 'Action-id': 2508

  • 'Text1': Id report

  • 'Text2': Name

Action class: Platform actions (26XX)

See also: Realtime agent management.

Action: LOGIN

  • 'Action-id': 2601

  • 'Text1': agent

  • 'Text2': extension

Action: LOGOFF

  • 'Action-id': 2602

  • 'Text1': agent

Action: ADDMEMBER

  • 'Action-id': 2603

  • 'Text1': agent

  • 'Text2': extension

  • 'Text3': queue(s)

Action: REMOVEMEMBER

  • 'Action-id': 2604

  • 'Text1': agent

  • 'Text2': extension

  • 'Text3': queue(s)

Action: PAUSE

  • 'Action-id': 2605

  • 'Text1': agent

  • 'Text2': extension

Action: UNPAUSE

  • 'Action-id': 2606

  • 'Text1': agent

  • 'Text2': extension

Action: OUTCOME

  • 'Action-id': 2607

  • 'Text1': call-id

  • 'Text2': outcome

Action: ADD FEATURE CODE

  • 'Action-id': 2608

  • 'Text1': callid

  • 'Text2': -

  • 'Text3': feature

Action: REMOVE FEATURE CODE

  • 'Action-id': 2609

  • 'Text1': callid

  • 'Text2': -

  • 'Text3': feature

Action: CUSTOM DIAL

  • 'Action-id': 2610

  • 'Text1': extension

  • 'Text2': target extension

  • 'Text3': queue-id (campaign)

Action: SEND SMS

  • 'Action-id': 2611

  • 'Text1': extension

  • 'Text2': target extension

  • 'Text3': message

Action: HANGUP

  • 'Action-id': 2612

  • 'Text1': call-id

  • 'Text2': agent

Action: TRANSFER

  • 'Action-id': 2613

  • 'Text1': call-id

  • 'Text2': destination extension

  • 'Text3': agent

Action: MONITOR INBOUND CALL

  • 'Action-id': 2614

  • 'Text1': call-id

  • 'Text2': extension to monitor

  • 'Text3': Mode and queue

Action: MONITOR OUTBOUND CALL

  • 'Action-id': 2615

  • 'Text1': call-id

  • 'Text2': extension to monitor

  • 'Text3': Mode and queue

Action: SET VARIABLE

  • 'Action-id': 2616

  • 'Text1': call-id

  • 'Text2': variable = value

Action class: Cron jobs (30XX)

Action: Cronjob dispatcher started

  • 'Action-id': 3001

This happens each and every time QM restarts.

Action: Cronjob run successfully

  • 'Action-id': 3002

  • 'Text1': Job ID and name

  • 'Text2': Job status

  • 'Text3': Duration of the job

Action: Cronjob error

  • 'Action-id': 3003

  • 'Text1': Job ID and name

  • 'Text2': Job status

  • 'Text3': Duration of the job

Action: Export failed

  • 'Action-id': 3004

  • 'Text1': Report ID and type of export

  • 'Text2': Error description

This will be logged every time an export fails, be it manually trigged or by a cron job. If the export that failed was run by a cron job, you will also find the Cronjob error (code 3003).

Action class: E-mail (31XX)

If you encounter issues with e-mail delivery, please refer to the SMTP debug page at SMTP test.

Action: E-mail sent successfully

  • 'Action-id': 3101

  • 'Text1': Recipent(s)

  • 'Text2': Subject

  • 'Text3': Size (if available)

Action: E-mail sending failed

  • 'Action-id': 3102

  • 'Text1': Recipent(s)

  • 'Text2': Subject

  • 'Text3': Size (if available)

  • 'Text4': Error description. A complete stack trace may be available on the logs.

Action class: AMO events (32xx)

Action: AMO list completed

  • 'Action-id': 3201

  • 'Text1': The campaign that the list belongs to

  • 'Text2': The list that was completed

  • 'Text3': Whether the list is currently reservable

  • 'Text4': -

Action: AMO list reopened

  • 'Action-id': 3202

  • 'Text1': The campaign that the list belongs to

  • 'Text2': The list that was completed

  • 'Text3': Whether the list is currently reservable

  • 'Text4': -

Action: AMO campaign completed

  • 'Action-id': 3203

  • 'Text1': The campaign

  • 'Text2': -

  • 'Text3': -

  • 'Text4': -

Action: AMO campaign reopened

  • 'Action-id': 3204

  • 'Text1': The campaign

  • 'Text2': -

  • 'Text3': -

  • 'Text4': -

Action: AMO number batch loaded

This event is triggered by an API insert or a batch uploiad of numbers.

  • 'Action-id': 3205

  • 'Text1': The campaign that the list belongs to

  • 'Text2': The list that was completed

  • 'Text3': How many numbers were added

  • 'Text4': -

Action: AMO list updated via API

  • 'Action-id': 3206

  • 'Text1': The campaign that the list belongs to

  • 'Text2': The list that was completed

  • 'Text3': The current list weight after the update

  • 'Text4': Whether the campaign is paused

Action: AMO numbers recycled for list

  • 'Action-id': 3207

  • 'Text1': The campaign that the list belongs to

  • 'Text2': The list that was completed

  • 'Text3': How many numbers were recycled in this run

  • 'Text4': -

Action class: Configuration changes (4XXX)

Configuration changes are logged in the same way for most configuration editors.

This works whether the user started the change from the GUI, or a webservice is performing the change, or QM itself through the Synchronizer.

When the detail of a specific element is recalled, the action is logged as "Displayed", while when a change is made, the action is logged as "Changed".

On Changed actions, you can have:

  • New items

  • Items cloned

  • Items saved (from scratch or from a previous version)

  • Items deleted

Note that any time you press Save, the item is logged as changed, even if you change no items, because at least the last change date is updated.

Whenever possible, the current "title" for the editor is logged along the record’s id.

In general, the remote IP and session IDs are noot traced, but you will likely have a close logon/logoff record for the same user that you can match.

The following codes are logged:

  • QUEUES_VIEW: 4001

  • QUEUES_UPDATE: 4002

  • AGENTGROUPS_UPDATE: 4012

  • AGENTGROUPS_VIEW: 4011

  • AGENTS_UPDATE: 4022

  • AGENTS_VIEW: 4021

  • BROADCASTMSG_UPDATE: 4032

  • BROADCASTMSG_VIEW: 4031

  • CALLTAGS_UPDATE: 4042

  • CALLTAGS_VIEW: 4041

  • CBTS_UPDATE: 4052

  • CBTS_VIEW: 4051

  • CLASSES_UPDATE: 4062

  • CLASSES_VIEW: 4061

  • CRONJOBS_UPDATE: 4072

  • CRONJOBS_VIEW: 4071

  • DNIS_UPDATE: 4082

  • DNIS_VIEW: 4081

  • EXPORTCALLS_UPDATE: 4092

  • EXPORTCALLS_VIEW: 4091

  • EXPORTJOBS_UPDATE: 4102

  • EXPORTJOBS_VIEW: 4101

  • FEATURES_UPDATE: 4112

  • FEATURES_VIEW: 4111

  • IVR_UPDATE: 4122

  • IVR_VIEW: 4121

  • KNOWNNUMBERS_UPDATE: 4132

  • KNOWNNUMBERS_VIEW: 4131

  • LOCATIONS_UPDATE: 4142

  • LOCATIONS_VIEW: 4141

  • OUTCOMES_UPDATE: 4152

  • OUTCOMES_VIEW: 4151

  • PCODES_UPDATE: 4162

  • PCODES_VIEW: 4161

  • QAFORMS_UPDATE: 4172

  • QAFORMS_VIEW: 4171

  • QAITEMS_UPDATE: 4182

  • QAITEMS_VIEW: 4181

  • QAPERFTRACKRULEGROUPS_UPDATE: 4192

  • QAPERFTRACKRULEGROUPS_VIEW: 4191

  • REPORTSEXPORT_UPDATE: 4202

  • REPORTSEXPORT_VIEW: 4201

  • SKILLS_UPDATE: 4212

  • SKILLS_VIEW: 4211

  • TASKLIST_UPDATE: 4222

  • TASKLIST_VIEW: 4221

  • USERS_UPDATE: 4232

  • USERS_VIEW: 4231

  • CFGPROPS_UPDATE: 4242 (showing which property was changed when using the Explore System Parameters ttransaction)

  • CFGPROPS_VIEW: 4241

  • CUSTOMBLOCKS_UPDATE: 4252

  • CUSTOMBLOCKS_VIEW: 4251

  • CLIENTS_UPDATE: 4262

  • CLIENTS_VIEW: 4261

  • CASES_UPDATE: 4272

  • CASES_VIEW: 4271

  • AMO_LISTS_UPDATE: 4282

  • AMO_LISTS_VIEW: 4281

  • AMO_NUMBERS_UPDATE: 4292

  • AMO_NUMBERS_VIEW: 4291