Investigating user related activity on your Security Center system - Security Center 5.7

Security Center Administrator Guide 5.7

Applies to
Security Center 5.7
Last updated
Content type
Guides > Administrator guides
English (United States)
Security Center

You can view all user activity related to video, access control, and LPR, using the Activity trails report.

Before you begin

To receive results in the Activity trails report, you must already be monitoring user activity. You can select which activities to monitor and record in the database from the System task

What you should know

For example, you can use the Activity trails task to find out who played back which video recordings, who blocked a camera, who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.


  1. From the home page, open the Activity trails task.
  2. In the Activities filter, select which of the following activities you want to investigate:
    • Access control:
      Access control unit rebooted (manually)
      Who manually rebooted an access control unit.
      Access control unit synchronization started (manually)
      Who manually started an access control unit synchronization.
      Antipassback violation forgiven
      Who forgave an antipassback violation.
      Badge printed
      Who printed a credential badge.
      Cardholder removed from area
      Who removed a cardholder, and from which area.
      Credential request canceled/completed
      Who completed or canceled a credential badge print request.
      Credential requested
      Who requested a credential badge to be printed, and why.
      Device shunted
      Who shunted (disabled) an access control device.
      Door maintenance mode canceled
      Who canceled the maintenance mode on a door.
      Door set in maintenance mode
      Who unlocked a door by setting it in maintenance mode.
      Door unlock schedule overridden (lock/unlock)
      Who overrode the lock or unlock schedule of a door.
      Door unlock schedule override canceled
      Who canceled the unlock schedule override of a door.
      Door unlocked (explicitly)
      Who unlocked a door from Security Desk using a hot action or alarm event-to-action.
      Door unlocked (manually)
      Who manually unlocked a door from the Security Desk Door widget.
      Firmware upgrade for access control unit scheduled
      The unit's upgrade is scheduled to start immediately or later, if the Delay upgrade until setting is used.
      Scheduled firmware upgrade for access control unit canceled
      The unit's scheduled upgrade was canceled
    • General:
      Alarm acknowledged/forcibly acknowledged
      Who acknowledged or forcibly acknowledged an active alarm.
      Alarm forwarded/snoozed
      Who forwarded or snoozed an active alarm.
      Alarm triggered (manually)
      Who manually triggered an alarm.
      All alarms forcibly acknowledged
      Who forcibly acknowledged all active alarms.
      Connected to remote Security Desk
      Who connected to a remote Security Desk workstation.
      Disconnected from remote Security Desk
      Who disconnected from a remote Security Desk workstation.
      Intrusion alarm acknowledged
      Who acknowledged an intrusion alarm.
      Intrusion alarm silenced
      Who silenced an intrusion alarm.
      Intrusion alarm triggered
      Who manually triggered an intrusion alarm.
      Intrusion detection area disarmed
      Who disarmed an intrusion detection area.
      Intrusion detection area input bypass activated
      Who activated a sensor bypass in an intrusion detection area.
      Intrusion detection area input bypass deactivated
      Who deactivated a sensor bypass in an intrusion detection area.
      Intrusion detection area master armed
      Who master armed an intrusion detection area.
      Intrusion detection area perimeter armed
      Who perimeter armed an intrusion detection area.
      Output triggered (manually)
      Who triggered an output pin (for example, using a hot action).
      Report exported/generated/printed
      Who exported, generated, or printed a report.
      IMPORTANT: To comply with State laws, if the Report generated option is used for an Activity trails report that contains LPR data, the reason for the LPR search is included in the Description field.
      Threat level set/cleared
      Who set or cleared a threat level, and on which area or system.
      User logged on/off
      Who logged on or off of which Security Center client application.
      Zone armed/disarmed
      Who armed or disarmed a zone.
    • LPR:
      Application updated
      Who updated a Genetec Patroller™ or a Sharp unit.
      Enforce in-lot violation triggered
      Who enforced an in-lot violation in a parking zone.
      Hit deleted
      Who deleted a hit.
      Hotlist or permit list edited
      Who loaded a hotlist or permit list, or added, modified, or deleted license plates in the list.
      Past read matching triggered
      Who performed past read matching in Genetec Patroller™.
      Photo evidence report printed (Hits/Reads)
      Who printed a hits/reads evidence report.
      Plate filtering enabled
      Which LPR Manager role has plate filtering enabled.
      Read edited/triggered
      Who edited/triggered a license plate read.
      Read/hit protected
      Who protected a license plate read or hit.
      Read/hit unprotected
      Who unprotected a license plate read or hit.
      Reset parking zone inventory
      Who reset the inventory of a parking zone.
      Set parking zone occupancy
      Who modified the occupancy of a parking zone.
    • Video:
      Archive backup started/stopped (manually)
      Who manually started or stopped video from being backed up from an Archiver.
      Archive duplication started/stopped (manually)
      Who started or stopped video from being duplicated from one Archiver to another.
      Archive restore started/stopped (manually)
      Who started or stopped video archive from being restored to an Archiver.
      Archive retrieval from units started/stopped (manually)
      Who started or stopped transferring video from video units to an Archiver.
      Bandwidth limit exceeded
      Who requested a video stream that was unable to connect because the bandwidth limit for redirected video was reached. Or, who lost a redirected video stream connection because the bandwidth limit was reached and a user with a higher user level requested a stream.
      Bookmark deleted/modified
      Who deleted or modified a bookmark.
      Camera blocked/unblocked
      Who blocked or unblocked a camera.
      Confidential video requested
      Who requested to view a confidential video stream.
      Connected to analog monitor
      Who connected to an analog monitor.
      Disconnected from analog monitor
      Who disconnected from an analog monitor.
      Live streaming started/stopped
      Which camera was displayed or removed.
      Playback streaming started
      Which recording was played.
      PTZ command sent
      What did the user do with the PTZ.
      Recording started (manually)
      Who started recording video manually.
      Recording stopped (manually)
      Who stopped recording video manually.
      Snapshot printed/saved
      Who printed or saved a snapshot.
      Video exported
      What did the user export and where did they save it.
      Video file deleted (manually)
      Who deleted a video file from the system.
      Video file protected/unprotected
      Who started or stopped protection on a video file.
      Video stream not delivered
      Whose video request was terminated without having a single frame being rendered.
      Video unit identified/rebooted/reconnected
      Who identified/rebooted/reconnected a video unit.
      Visual tracking enabled/disabled
      Who enabled or disabled visual tracking in a tile.
  3. Set up the other query filters for the report. Choose from one or more of the following filters:
    Which client application was used for the activity.
    Event timestamp
    Define the time range for the query. The range can be defined for a specific period or for global time units, such as the previous week or the previous month.
    Select the events of interest. The event types available depend on the task you are using.
    The entities that were impacted by this activity.
    User or role responsible for the activity.
  4. Click Generate report.
    The activity results are listed in the report pane.