The Worldox audit trails feature is extremely powerful, allowing the ability (assuming you have the proper access rights) to search through document history for individual files or for document sets.
Interpreting document history is not always easy. It helps to understand how Worldox "thinks" in tracking document history. That's the key to knowing how best to set up queries, and to understanding audit query results.
• A limitation on the per-file method of checking history
• Troubleshooting missing files
• Learn the rules. As you search document history, familiarize yourself with what various audited events actually mean. Assumptions here can only lead to confusion as you review query results.
Tip: Be sure to check event descriptions whenever you view document history. Certain events (Added and Removed, for example) mean something different to Worldox than you might expect. |
• To find deleted files, do an audit trail query by profile group and/or user. Search within the likely date range, by a specific event. You're looking for Moved to events. At many Worldox sites, deleted files are actually moved to the Salvage bin. So to find deleted files, you have to look for Moved to events.
• The action of viewing a file is itself a tracked audit event. Previewing is not a separate event. The act of previewing is tracked as a View, but only if the user scrolls down in the Viewer window or preview pane. If no scrolling happens, Worldox does not record the preview as a View event.
• If you're looking for missing files, you won't find them by looking for Added or Removed events. Also, the users and times associated with these two event types can be misleading. Here is the right way to look for missing files.
You don't have to run a full audit query to track history on one file. You can use this quick method. Just find that file, right click and select Audit > File from the right-click menu. This method is quite convenient, but has limitations of which you should be aware:
• Tracking document history per-file only finds events relating to the file within the pre-set date range (typically, in the last 60 days.)
• This per-file tracking only finds events for a file in its current location. If the file was recently moved, per-file audit tracking will only return events from after the file was moved.
Given these factors, best practice is to use per-file tracking only for checking recent document history.
To guarantee complete audit results, you should run an audit query, specifying a single Doc ID if you are only interested in one file's history. There are no date location limitations in the Audit > Search dialog. As long as you have the right Doc ID, all events - regardless of location - will be found that way for the specified file. Also, in the complete audit query method, you can select any date range needed.
Even with a well-managed document management system and well-trained users, files can go missing or turn up unexpectedly. The usual cause is external intervention - people working with documents outside Worldox, using Windows Explorer or other non-DMS software. You may not be able to pinpoint the exact cause for missing or mystery documents, but you can know when there are such changes, using the Worldox Audit Trail feature.
Worldox tracks changes by document, by event, by time/date and by user. The Removed and Added event identifiers are used when Worldox does not know how a document appeared or disappeared. Deleted or moved files, for example, are not considered Removed, as Worldox attributes the file absence to other, known events. The same goes for new files. If Worldox knows the source of the new file - the operation that caused it to appear - it is not considered Added.
Removed and added files can only be found via Indexing, or by running a query looking for removed or added files:
Set up an audit query as instructed here.
Use any search criteria needed, with this one proviso: When it comes to selecting audit events, check the Added and/or Removed checkboxes in the Events dialog.
Go ahead and run the search.
As search items are found, Worldox displays them in the Audit > Search results dialog. Here is an example, after a search for Removed files.
• Note the User column.
000000 is the Indexer's User code. When you see that, it means that Worldox itself uncovered the missing or added item. Any other User codes shown here indicate not the persons responsible for the change, but the users who ran the audit queries which uncovered the missing or added items.
• The time shown for the event is the time it was discovered, not the time the original file action took place.
These are important distinctions. A Removed or Added audit trail query only uncovers missing or added items; it does not assign responsibility or blame.
Missing files in particular can be very troublesome. Worldox Managers and Administrators naturally want to find out who is responsible. The audit trail can only give you the starting point - the fact that a document is missing or added via means unknown. Please don't misunderstand the significance of the User code attached to query results for added or removed documents.