Auditing, Archived Events and SQL Management

To ensure transparency of actions, Passwordstate has over 120 audit events, all of which can be used in Scheduled Reports and for real-time alerts.  We ensure the visibility of audit events by providing the default option to display them in the Recent Activity display grid beneath each Password List.  This option can of course be modified by your System / Security Administrators.

All events are available under Administration->Auditing, where you can filter them based on Platform, Instance, Activity, Site, Date range, Password List and Search Criteria.  You can even select visual representations of events under Administration->Auditing Graphs.

Audit Tables

Passwordstate’s audit events are stored in the Passwordstate Database and are held in one of two tables, Auditing or AuditingArchive.

All auditing events are initially written to the Auditing table.  From there they are displayed, based on configured options, in each Password List’s Recent Activity display grid.  To ensure your instance can perform satisfactorily, Passwordstate monitors the number of records stored in this table.  Once the number of records exceeds the number you’ve specified in System Settings, the Passwordstate Windows Service will automatically move any excess events to the AuditingArchive table.  The events moved are the oldest entries in the table.

For performance reasons, the events stored in AuditingArchive are never referenced from the Passwordstate UI, except when you search for an event and click the Yes radio button next to Archived Data.
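The rollover and search behaviour described above can be modelled in a few lines. This is an added example, not Passwordstate code: it uses an in-memory SQLite database as a stand-in for the real database, and the column names, activity labels and the small row limit are assumptions made for illustration.

```python
import sqlite3

# Hypothetical, simplified schema: the real tables' columns are not shown on this page.
SCHEMA = """
CREATE TABLE Auditing        (id INTEGER PRIMARY KEY, at TEXT, activity TEXT);
CREATE TABLE AuditingArchive (id INTEGER PRIMARY KEY, at TEXT, activity TEXT);
"""

def archive_excess(db, max_rows):
    """Move the oldest rows beyond max_rows from Auditing to AuditingArchive."""
    (count,) = db.execute("SELECT COUNT(*) FROM Auditing").fetchone()
    excess = count - max_rows
    if excess <= 0:
        return 0
    with db:  # one transaction: the copy and the delete succeed or fail together
        ids = [r[0] for r in db.execute(
            "SELECT id FROM Auditing ORDER BY at, id LIMIT ?", (excess,))]
        marks = ",".join("?" * len(ids))
        db.execute("INSERT INTO AuditingArchive "
                   f"SELECT * FROM Auditing WHERE id IN ({marks})", ids)
        db.execute(f"DELETE FROM Auditing WHERE id IN ({marks})", ids)
    return excess

def search(db, term, include_archived=False):
    """Search the live table; archived rows are read only when asked for."""
    sql = "SELECT at, activity FROM Auditing WHERE activity LIKE ?"
    args = [f"%{term}%"]
    if include_archived:  # models choosing Yes next to Archived Data
        sql += (" UNION ALL SELECT at, activity FROM AuditingArchive"
                " WHERE activity LIKE ?")
        args.append(args[0])
    return sorted(db.execute(sql, args).fetchall())

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample events, one per day, oldest first (labels are made up).
    rows = [(f"2024-01-{d:02d}", "Password Viewed" if d % 2 else "Failed Login")
            for d in range(1, 11)]
    db.executemany("INSERT INTO Auditing (at, activity) VALUES (?, ?)", rows)
    moved = archive_excess(db, max_rows=4)
    return moved, search(db, "Failed"), search(db, "Failed", include_archived=True)

if __name__ == "__main__":
    print(demo())
```

In the model, a search that leaves archived data out returns only the two most recent matching events, which is why an investigation covering an older period needs the archived option switched on.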

Purge Old Events

From time to time, you may want to clean up or purge old Auditing events stored in the AuditingArchive table.  Passwordstate provides instructions for your Database Administrators on how to do this.  To access these instructions, simply navigate to Administration->Auditing and click on Purge Audit Records.  This will open the Purge Auditing Data instructions screen.

This screen displays an example of the Archive_Auditing_By_Month_Age.sql script that is normally located in C:\inetpub\passwordstate\setup\scripts on your Passwordstate webserver.  If you have a different installation directory, look for the script under your installation path followed by \passwordstate\setup\scripts.

The instructions screen provides steps on how to specify the data for selection, manual archiving outside of Passwordstate and deletion from the AuditingArchive table.

Fine Tune Auditing Settings

You can fine tune the settings relating to the AuditingArchive table under Administration->System Settings->auditing data->Auditing Archive Settings.

Here, you can specify the maximum number of rows to keep in the Auditing table.  The default is 500,000 rows, and you can reduce or increase (not recommended) this number depending on your requirements.  Once the number of rows in your Auditing table reaches this number the oldest rows, in excess of this number, are moved to AuditingArchive.  You can elect to archive all API Auditing data daily at a specified time.  The visibility of Audit data in the Recent Activity display grid is also set here under Miscellaneous Settings.

If you have a Syslog Server or SIEM (Security Information and Event Management) solution you can send all audit events to it.  Audit entries are checked and sent every minute, and you can specify the server name, the Port Number used for communication with the server, the specific Date Formatting to be used for entries and the Protocol used.

The auditing functionality provided by Passwordstate is comprehensive, can be tailored for performance and offers the ability to both export older events to external storage and send events as they are recorded to your Syslog or SIEM solutions.

If you would like to share your feedback, we’d love to hear it.  Just email it through to support@clickstudios.com.au.