Lỗi please send stack_20230514_0801.log to server admin

You can use the audit and investigation page to run searches related to User log events. There you can check critical actions carried out by users on their own accounts. These actions include changes to passwords, account recovery details (telephone numbers, email addresses), and 2-Step Verification enrollment. A login from an email client or a non-browser application is not logged in this report unless it’s a programmatic login from a session that was considered suspicious.

Note:

• During a recent launch, the old Login audit log and User accounts audit log were combined into the User log events data source. For more details, see What's new: Improved audit and investigation experience.
• If there’s no data for user log events during the previous 6 months, User log events might not be displayed in the left navigation menu.

For a full list of services and activities that you can investigate, such as Google Drive or user activity, read through the data sources for the audit and investigation page.

Open the audit and investigation page

Access User log event data

1. On the left, click ReportingAudit and investigationUser log events.

Filter the data

1. Open the log events as described above in .
2. Click Add a filter, and then select an attribute.
3. In the pop-up window, select an operatorselect a valueclick Apply.
4. (Optional) To create multiple filters for your search:
   1. Click Add a filter and repeat step 3.
   2. (Optional) To add a search operator, above Add a filter, select AND or OR.
5. Click Search.

Note: Using the Filter tab, you can include simple parameter and value pairs to filter the search results. You can also use the Condition builder tab, where the filters are represented as conditions with AND/OR operators.

Attribute descriptions

For this data source, you can use the following attributes when searching log event data:

Attribute Description Actor group name

Group name of the actor. For more information, see .

To add a group to your filtering groups allowlist:

1. Select Actor group name.
2. Click Filtering groups. The Filtering groups page displays.
3. Click Add Groups.
4. Search for a group by entering the first few characters of its name or email address. When you see the group you want, select it.
5. (Optional) To add another group, search for and select the group.
6. When you finish selecting groups, click Add.
7. (Optional) To remove a group, click Remove group .
8. Click Save. Actor organizational unit Organizational unit of the actor Affected user Email address of the affected user Challenge type The type of challenge used to verify the user, such as Password or Security Key Date Date and time of the event (displayed in your browser's default time zone) Domain The domain where the action occurred Email forwarding address Email address to forward the Gmail messages to

Event

The logged event action, such as 2-step verification enroll or Suspicious login

Note: For the Logout event, even if the user signed in with login types other than Google Password, (such as Exchange, Reauth, SAML, or Unknown), the Login type for Logout events is displayed as Google Password.

ArcGIS Server records events that occur, and any errors associated with those events, to logs. Logs are an important tool for monitoring and troubleshooting problems with your site. Information in the logs will help you identify errors and provide context on how to address problems. The logs also comprise a history of the events that occur over time.

For example, the following events are recorded in the logs:

• Installation and upgrade events, such as authorizing the software and creating the site
• Publishing of services, such as map services, geocode services, feature services, and so on
• Registering and unregistering data stores, including folders, file geodatabases, databases, enterprise geodatabases, and ArcGIS Data Store
• Site management events, such as adding and removing GIS servers, configuring clusters, specifying log settings, creating and removing server directories, updating the configuration store, and deleting the site
• Security events, such as users signing in or out of the site; creating, deleting, and disabling users; creating and changing user roles; creating and removing groups; updating HTTP and HTTPS settings; import and export of security certificates; and updating the site's identity store
• General events, such as restarting a GIS server machine, stopping or starting services, when services go into use, duration of wait time for service requests, and noting layer drawing times in a service

The following events are not recorded in the logs:

• Federating and unfederating your site with Portal for ArcGIS

Access server logs

Use ArcGIS Server Manager to query, view, configure, and delete server logs. Server Manager aggregates the messages into a table that you can read and manipulate.

To access the logs, follow these steps:

1. Open Server Manager and sign in. If you need help with this step, see Log in to Manager.
2. Click Logs \> View Logs to review the current logs. You can also use the filter controls on the page to help you narrow down events and display more relevant messages. Work with server logs contains details on how to capture events, query the logs, review messages, and filter events based on certain criteria.
3. To manage log settings, such as the default level of logging, how long logs are kept on disk, and where the server writes its logs, click Settings. See Specify server log settings for details.
4. If you want to delete the logs, click Delete Logs. This deletes all of the log files from each GIS server in the site.

Advanced logging

If you're an advanced user of ArcGIS Server, you can view, query, and configure logs through the ArcGIS REST API. This API allows you to programmatically construct advanced queries, modify log settings, and derive statistics over time. You can use the ArcGIS Server Administrator Directory to learn how to construct these queries.

Feedback on this topic?