Navigation:  Web Reports > Compliance Tracking >

Process Tracking

 Top  Previous  Next

If you configured Process Tracking to write to the database then you can run queries to search for process history on the Process Tracking page.

 

With the Process Tracking page you can generate the following reports:

 

Which processes (applications) are being used in your network
Process history on a per-user or per-computer basis
Currently running applications on a per-user or per-computer basis
Which applications were running more than 60 minutes?
Which users or computers have been running a particular application?
Other Reports

 

The process tracking query page gives you the same flexibility the database query page gives you, allowing you to construct your own powerful queries with just a few clicks.

 

Pencil and Document 24 n g Prerequisites:

A Tracking Package that includes a Process Tracking object needs to be assigned to one or more computers for process tracking data to be written to the database.

 

Filename, File Path, Computer, Domain, Username

By selecting one or more of the above fields, only processes matching your selection will be displayed. If you select the exclamation mark next to your selection, then only processes not matching your selection will be displayed.

 

From, To

You can restrict your search to a particular time and/or date range. You can click the calendar icon to bring up a calendar. When you set a date range using the From and/or To fields, any limit setting (e.g. "last week") will be ignored.

 

Order By

Use this field to sort your output. By default, output is sorted descending by Date and Time.

 

Process ID, Creator Process ID

Only show process with the specified process ID or creator process ID

 

Duration

Only show processes that ran for the specified amount of time

 

Don't Truncate Path

By default, only the first 50 character of the process directory are shown. Check this box to always show the full path.

 

Incomplete Data

Lines shown in orange indicate that the actual duration of the process is higher or equal to the actual number shown. This happens when the EventSentry service cannot obtain enough information about the process, such as when the service been restarted, the security event log is configured incorrectly or not enough information is available. All process information other than the duration are however reliable.

 

Group By

You can group output by selecting one or more (hold the CTRL key while selecting multiple) fields from the "Group By" box.

 

Show Chart

Selecting the "Show Chart" option will display a graphical chart in addition to the text report. A pie chart is shown if you group by one field, a stacked column chart is displayed when you group by two fields. Grouping by more than two fields will not show a chart.

 

Retrieving additional information about processes

If you see a process in the "Process" column that you are unfamiliar with, then you can click the process name to automatically search for the file at http://www.fileresearchcenter.com/.

 

clip0535