How do I access and interpret the System Audit Report in Datto SaaS Protection 2.0?
- Datto SaaS Protection 2.0
Access the System Audit Report from the partner dashboard by clicking Reporting on the top menu, then selecting Download CSV under System Audit Report.
The resulting spreadsheet contains several columns relating to system audit data:
EventClass: This will always be System.
EventType: The type of job performed. Possible outcomes are:
Timestamp: The time and date of the activity performed. Times are in UTC.
SuccessStatus: This shows of the overall success or failure of the EventType. Possible outcomes are:
Success indicates that the job (either a restore, export, or backup) was successful even if individual items failed. Failure indicates that the job (either a restore, export or backup) did not complete due to an error. For more information on errors, see the FailureReason column.
ServiceId: the ID associated with the user or service on which the activity was performed. Provide this ID to Support whenever possible in order to quickly and accurately isolate any issues.
UserEmail: The primary email address of the user or site account on which the activity was performed.
UserName: The display name of the user or site account on which the activity was performed.
ItemSuccessCount: The number of items that were successfully captured, restored, or exported.
ItemFailure Count: The number of items that failed to be captured, restored, or exported.
ApplicationType: This is the application type affected by the action. Possible outcomes:
Snapshot: This is the internal snapshot ID associated with the action. This can be provided to Datto SaaS Protection Support to further isolate any issues (only applies to restores/exports).
RetrievalType: The criteria used to select data to restore or export. If data is based on search, see the SearchTerms column for the explicit search term (only applies to restores and exports). Possible outcomes:
- Single User Search
- Customer-Wide Search
- Entire User
- Multi-User Search
SearchTerms: The search term used to initiate a restore/export/retrieval.
TargetServiceID: The ID associated with the user/service the restore was pointed to. Provide this ID to Datto SaaS Protection Support whenever possible to quickly and accurately isolate any issues (only applies to restores).
TargetUserEmail: The primary email address of the user/site account to which the restore was pointed (only applies to restores).
TargetUserName: The display name of the user/site to which the restore was pointed (only applies to restores).
SelectedItemCount: The number of items selected for restore/export actions (only applies to restores/exports).
FailureReason: In the event that the SuccessStatus is failure, this column will include specific error code information detailing the cause of the failure. These are typically unactionable and included for informational purposes.
IncludePermissions: (GSuite/Google Drive Only) This column indicates whether permissions are elected to be restored. Possible outcomes:
If True, permissions were restored, if False, permissions were removed.