Orchestrator Events and Database Tables

News Knowledge Base
1

Where to find various Orchestrator events in the database

This article describes where to find various Orchestrator events in the database.

  • All sessions established (e.g. Successful Orchestrator login, Robot/Studio connection)

[dbo].[Sessions] and [dbo].[UserLoginAttempts]

Historical successful Robot/Studio connections are not recorded due to the amount of data that would generate. (Every time the connection is lost and reestablished it would record multiple events).

Current sessions are not tracked in the [dbo].[Sessions] table. [dbo].[UserLoginAttempts] tracks both successful and unsuccessful User logins.

  • Invalid or unauthorized authentication attempts to access information resources (e.g. Failed Orchestrator login, failed Studio/ Robot connection)

[dbo].[UserLoginAttempts] for Failed Logins and Orchestrator.BusinessExceptions, Failed Connections - Orchestrator.BusinessExceptions - Invalid Machine Key (Bad Machine Key, Good Machine Name), Machine does not exist (Good Machine Key, Bad Machine Name)

  • Action of individuals with root or elevated privileges (e.g. system and database administrators, any settings changed by Orchestrator admin or custom roles)

Orchestrator changes are tracked in [dbo].[AuditLogs]. Server-side changes (e.g. changes made to IIS) or SQL Server changes are not recorded here and should be recorded through separately.

  • Any attempt by the administrator to authorize any user to bypass the administrator-configured data integrity controls

Anything done outside the application's code can't be tracked without auditing the resources that were tampered with. Operations that go through Code are tracked in [dbo].[AuditLogs].

  • Creation or changes in user or information resource security accounts, profiles, ACLs, privileges, and attributes

[dbo].[AuditLogs]

  • Use of privileged accounts

[dbo].[UserLoginAttempts]

  • Creation, storage, or revocation of encryption/decryption keying material (e.g. security settings in Orchestrator)

[dbo].[AuditLogs] for Security Settings in Orchestrator, for other changes like web.config changes or server-side ones - FileSystemWatcher could do the trick.

  • Shutdowns, restarts, and backups (any Orchestrator activity, especially shutdown, restarts, etc.)

Orchestrator events in EventViewer (look for events like Orchestrator is starting).

  • Installation and updates of software (eg. table that tracks updates and patches)

[dbo].[MigrationHistory] tracks migrations.

Exact version to version history is not currently available.

  • Access to audit logs (audit log table)

It is not tracked explicitly in Orchestrator; the access is done based on permissions to view audit information.

  • Changes to audit log configurations

[dbo].[Auditlogs]