About querying access control events by insertion timestamp
Using AccessControlRawEventReportQuery in the platform SDK, you can query access control events by insertion timestamp, event type, position, and Access Manager role.
Security Center 18.104.22.168 SDK or later.
How it works
In Security Center 22.214.171.124, the EventStream table was added to the Access Manager database to store event data so that events can be queried by insertion timestamp through the AccessControlRawEventReportQuery in the SDK. By default, events are not added to this table when they are added to the Access Manager database. You must manually enable the events to be inserted in the EventStream table by creating an advanced setting in Config Tool.
For an example of how to use the query, refer to the AccessControlRawEventQuerySample that is included in the standard SDK samples.
Enabling access control events in the EventStream table
For events to be inserted in the EventStream table in the Access Manager database, so that they can be queried by insertion timestamp, you must first create the AccessManagerEventStream advanced setting in Config Tool.
- From the Config Tool home page, open the System task, and click the General settings view.
- Click the Advanced settings tab.
- Click Add an item ().
- In the Name field, enter AccessManagerEventStream.
In the Value field, enter
- Click Apply.