BBM Enterprise audit log files
Following are the properties of the BBM Enterprise audit log files:
- Audit log files are in .csv format and are named using the following format: <UEM SRPID>_<user email>__<user BBME endpoint id>__<encryption key alias or NA if not encrypted>_<logging version>_date_<file number>.csv
- When a file reaches the size defined in the audit logs settings, the file number is incremented.
- An audit file is created for each user.
- A separate audit file is created for each device that has the same user.
- All files for the same user are identified by <user email>.
- All files for the same user and the same device are identified by <user BBME endpoint id>.
- When an archiving encryption key is set, the content of all plain text fields (for example, sender, tag, and msg) is AES256-encrypted.
- The chat ID, message ID, timestamp, sender ID, and date are not encrypted to make searching easier (for example, searching for a date and time).
Each BBM Enterprise audit file contains the following information.
Column name | Meaning |
|---|---|
ChatId | Unique identifier of a chat. All participants in the same conversation have the same chat in their respective .csv files. Stored as a base64-encoded ASCII value in the .csv file. |
Tag | Identifies the content type. The type can be, but is not limited to one of the following:
|
Data | Contains data for some tags, such as call, picture, quote and so on |
Sender | The name of a person that generated an audit event in a chat |
SenderId | Unique identifier of a person generating an audit log entry |
Msg | Contains data for tag types such as text and subject |
MsgId | Unique message identifier of a message or event in a chat. Stored as a base64-encoded hexadecimal value in the .csv file. |
Timestamp | Epoch timestamp in UTC / GMT indicating the time when an event was generated in a chat |
Date | Date/time corresponding to the <timestamp> field |