Querying access control events by insertion timestamp through the SDK - Security Center 5.11

Applies to
Security Center 5.11
Last updated
2022-08-01
Language
English (United States)
Product
Security Center
Version
5.11

About querying access control events by insertion timestamp

Using AccessControlRawEventReportQuery in the platform SDK, you can query access control events by insertion timestamp, event type, position, and Access Manager role.

Requirements

Security Center 5.11.0.0 SDK or later.

How it works

In Security Center 5.11.0.0, the EventStream table was added to the Access Manager database to store event data so that events can be queried by insertion timestamp through the AccessControlRawEventReportQuery in the SDK. By default, events are not added to this table when they are added to the Access Manager database. You must manually enable the events to be inserted in the EventStream table by creating an advanced setting in Config Tool.

NOTE: The Access Manager database requires disk space for additional event data when this feature is enabled.

Samples

For an example of how to use the query, refer to the AccessControlRawEventQuerySample that is included in the standard SDK samples.

Enabling access control events in the EventStream table

For events to be inserted in the EventStream table in the Access Manager database, so that they can be queried by insertion timestamp, you must first create the AccessManagerEventStream advanced setting in Config Tool.

Procedure

  1. From the Config Tool home page, open the System task, and click the General settings view.
  2. Click the Advanced settings tab.
  3. Click Add an item ().
  4. In the Name field, enter AccessManagerEventStream.
  5. In the Value field, enter True.

    Config Tool Advanced settings with Add button and AccessManagerEventStream option highlighted.
  6. Click Apply.