BBM Enterprise audit log files
Following are the properties of the BBM Enterprise audit log files:
- Audit log files are in .csv format and are named using the following format: <UEM SRPID>_<user email>__<user BBME endpoint id>__<encryption key alias or NA if not encrypted>_<logging version>_date_<file number>.csv
- When a file reaches the size defined in the audit logs settings, the file number is incremented.
- An audit file is created for each user.
- A separate audit file is created for each device that has the same user.
- All files for the same user are identified by <user email>.
- All files for the same user and the same device are identified by <user BBME endpoint id>.
- When an archiving encryption key is set, the content of all plain text fields (for example, sender, tag, and msg id) is AES256-encrypted.
- The chat, message, timestamp, sender, and date are not encrypted to make searching easier (for example, searching for a date and time).
Each BBM Enterprise audit file contains the following information.
Unique identifier of a chat. All participants in the same conversation have the same chat in their respective .csv files. Stored as a base64-encoded ASCII value in the .csv file.
Identifies the content type. The type can be, but is not limited to one of the following:
The name of a person that generated an audit event in a chat
BBM Enterprise user ID of a person generating an audit log entry
Unique message identifier of a message or event in a chat. Stored as a base64-encoded hexadecimal value in the .csv file.
Epoch timestamp in UTC / GMT indicating the time when an event was generated in a chat
Date/time corresponding to the <timestamp> field