Chapter 6: Using the Incidents Log

 

Applies to: Forefront Security for SharePoint

Forefront Security for SharePoint provides a variety of reports designed to help administrators analyze the state and performance statistics of Forefront Security for SharePoint. These include the Incidents Log, a database (Incidents.mdb) that stores a record of all files in which viruses were detected and all files trapped by filters.

Note

For more information about the Incidents Log, refer to “SharePoint Reporting and Statistics” in the Forefront Security for SharePoint User Guide.

In this chapter

Using the Incidents Log

To view the Incidents Log

To sort the Incidents Log

To filter the Incidents Log

To export Incidents Log data to a file

To manage the size of the Incidents Log

Using the Incidents Log

The Incidents Log stores the following information for each incident:

| Field | Description |
| --- | --- |
| Time | Date and time of the incident. |
| State | Action taken by Forefront Security for SharePoint. |
| Name | Name of the scan job that reported the incident. |
| Folder | Name of the folder where the file was found. |
| File | Name of the virus or file that matched a file filter or content filter. |
| Incidents | Type of incidents that occurred: Virus or File Filter. Each is followed by either the name of the virus detected or the name of the filter that triggered the event. |
| Author’s Name | Name of the author of the document. |
| Author E-Mail | E-mail address of the document’s author. |
| Last Modified By | Name of the last user to modify the document. |
| Modified User E-Mail | E-mail address of the last user to modify the document. |

Note

Forefront Security for SharePoint reports the last four fields as N/A for Realtime Scan Jobs because it does not have access to this information during a real-time scan.

To view the Incidents Log

  1. Under REPORT, click Incidents.
  2. Scroll right to see all the data about each incident.

To sort the Incidents Log

  1. In the Incidents work pane, click a column heading (Time, Name, and so on) to sort data based on that column.
  2. Click Save to have your settings take effect.

To filter the Incidents Log

A filter only affects what you view on the screen; it does not modify the contents of the database.

  1. In the Incidents work pane, check the Filtering box.
  2. Select a value for Field from the list, and choose the filter criteria to the right.
  3. Click Save to apply each filter.

Note

To remove the filter and restore the full Incidents Log, clear the Filtering box, and then click Save.

To export Incidents Log data to a file

You can export Quarantine data to a formatted text file or a delimited text file (for use in a spreadsheet). If you are using a filter on the Incidents Log, Forefront Security for SharePoint exports only the data set you have filtered.

  1. In the Incidents work pane, click Export.
  2. In the Save box, select a destination and either the Formatted Text or Delimited Text format.
  3. Click Save.
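
The following Python example is added here and is not part of the product or its documentation. It summarizes a Delimited Text export for triage: incidents by type, by folder and by last editor, with real-time scan records (reported as N/A) counted separately. It assumes a tab delimiter and a header row that uses the field names from the table in this chapter; the export's actual layout is not described on this page, and all sample values are constructed.

```python
import csv
import io
from collections import Counter

# Column names are the fields listed in this chapter. The tab delimiter, the
# header row and every value below are assumptions constructed for illustration.
COLUMNS = ["Time", "State", "Name", "Folder", "File", "Incidents", "Author's Name",
           "Author E-Mail", "Last Modified By", "Modified User E-Mail"]
NA = ["N/A"] * 4  # what a Realtime Scan Job reports for the last four fields
SAMPLE_ROWS = [
    ["2009-03-02 09:14", "Cleaned", "Realtime Scan Job", "hr/Shared Documents",
     "report.doc", "Virus Example.Test.A"] + NA,
    ["2009-03-02 11:40", "Deleted", "Manual Scan Job", "hr/Shared Documents",
     "setup.exe", "File Filter block-exe", "A. Author", "author@example.com",
     "B. Editor", "editor@example.com"],
    ["2009-03-03 08:02", "Deleted", "Manual Scan Job", "eng/Docs",
     "tool.exe", "File Filter block-exe", "C. Writer", "writer@example.com",
     "B. Editor", "editor@example.com"],
    ["2009-03-03 08:30", "Cleaned", "Realtime Scan Job", "eng/Docs",
     "macro.xls", "Virus Example.Test.A"] + NA,
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [COLUMNS] + SAMPLE_ROWS) + "\n"

def load_incidents(text, delimiter="\t"):
    """Parse an exported delimited file into dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return [{k: (v or "").strip() for k, v in row.items() if k is not None}
            for row in reader]

def incident_type(value):
    """The Incidents field starts with the type: Virus or File Filter."""
    for kind in ("Virus", "File Filter"):
        if value.startswith(kind):
            return kind
    return "Other"

def summarize(rows):
    """Counts for triage; N/A editors (real-time scans) are counted separately."""
    editors = [r["Modified User E-Mail"] for r in rows]
    return {
        "by_type": Counter(incident_type(r["Incidents"]) for r in rows),
        "by_folder": Counter(r["Folder"] for r in rows),
        "by_editor": Counter(e for e in editors if e != "N/A"),
        "unattributed": sum(1 for e in editors if e == "N/A"),
    }

if __name__ == "__main__":
    for key, value in summarize(load_incidents(SAMPLE_EXPORT)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Because the export contains only the filtered data set when a filter is active, clear the Filtering box before exporting if the summary should cover the whole log.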

To manage the size of the Incidents Log

The Incidents Log can grow very large, which can affect performance. To manage its size, you can specify a number of days; Forefront Security for SharePoint then purges all records older than that number of days from the database. You can set a separate value for each database.

  1. In the Incidents work pane, check the Purge box.
  2. Select how many days you want to keep Incidents Log data.
  3. Click Save for the new setting to take effect.
    When the time comes for Forefront Security for SharePoint to purge the Incidents Log, you will be asked to confirm the deletion.

Note

When Forefront Security for SharePoint clears a very large Incidents Log, the deletion process can take a long time.