How to Use Issuetrak Auditing

Issuetrak provides facilities for auditing actions taken in the administrative settings, as well as within issues. This article provides scenarios for using these auditing features to help you investigate how and when things occurred within your Issuetrak site. 

This article builds upon the foundation of information provided in the following articles (in case you need to brush up on them):

• About Issue Auditing
• About Admin Auditing
• Interpreting Admin Auditing Logs

---

Activating Auditing Features

Before we walk you through how to use these features, you will need to enable them in order to see what we're discussing. Click the button below for steps to help with that.

Activation Steps

---

Scenario 1: Who deleted this issue?

Once in a while, you might need to investigate what happened to an issue that went missing in your site. It's possible that visibility controls prevent you from seeing specific issues under some circumstances. But this scenario is specifically for when the issue itself no longer exists.

This scenario takes place in my test site, which is a wasteland of useless information, sometimes infinite escalations, and strangely pessimistic SLAs. My site has also experienced at least one apocalypse in the form of multiple issues being deleted. This test site is over 4 years old, and has been upgraded through various internal Issuetrak test versions, and seen all manner of dumb things applied to its configuration, and even dumber things added to the content of issues. 

Our task is to find out what happened to issue 1. I don't remember what happened to it, but issues 1 through 18 have all disappeared from my site. I suspect that I did this for some reason, or maybe none at all. But since my team mates also have access to my site, there exists the possibility of hilarious previously-unreported vandalism. 

Let's find out what happened!

Investigation

We're going to need to have a look at the issue audits for this. Fortunately, when an issue gets deleted, the audits for that issue aren't included. 

Steps:

1. Click the gear icon in the upper right > click Issue Audits beneath Issue Setup.
2. We're prompted for information about the issue audits we want to search for. The only thing we know is that it's issue 1, so we'll put that in the Issue Number field, then click the Search button.

All of the issue audits for issue 1 are now displayed. Well, not all of them. My site's defaults are set to display 100 results per page. Unfortunately for me, the top of the issue audit search results displays this gem: 

Page 1 of 178 (17702 records total)

Oh dear. Well, I know one thing: I'm NOT going to click the Next button 177 times to find out what the end of this story is. 

Let's go back to the Issue Audits Search screen. If I had known that there were over 17k records to sift through, I would have added sorting to the search to begin with! Let's fix that.

Steps:

1. Click the gear icon in the upper right > click Issue Audits beneath Issue Setup.
2. Fill in the Issue Number field.
3. For the Sort Order 1 fields, let's set these to Modified Date and Descending, respectively, then click Search.

Now, atop a pile of records of "EscalationRule" adding notes to the issue, and a handful of records from "GlobalIssue" updating it as well, we see the final record that reflects the issue's deletion: 

• Change Type: Issue Deleted
• Old Value: Issue #1
• New Value: (blank)
• Modified By: admin
• Modified Date: 01/31/2024 12:39PM

It was me. I deleted it over a year ago. Whoops!

---

Scenario 2: We're missing an issue template. What happened?

This situation involves looking into the admin auditing logs, which will allow us to find out which user did this, and when. 

As in the previous scenario, this takes place in my well-abused test site. Our task is to find out what happened to an issue template called "UNHELPFUL" that is now missing. 

Investigation

We'll start by navigating to the Admin Auditing area, then see about conducting a search.

Steps:

1. Click the gear icon in the upper right > click on Admin Auditing beneath Tools.
2. Since we want to know what happened to an issue template, we're going to set the Area Changed field to "Issue Templates".
3. This step is optional, but it could potentially help narrow the results. We will set the Item Changed field to "Issue Template Name". 
4. Since we can be reasonably confident that our issue template was deleted, we'll set the Action Performed field to "Deleted".
5. Click Search.

Now, we've got a bunch of search results. But let's make sure they're all relevant. Somewhere in the pile of records returned should be the word "UNHELPFUL". A quick CTRL-F search helpfully finds "UNHELPFUL" toward the end of the results. But are they all related? A quick scan of the "Date Initiated" column indicates that all of these records were altered on the exact same timestamp, as well as on the same row key. This is our missing issue template. The same records also show that I was the one that deleted this issue template, and that I did it 3 days ago.

Post-Investigation Notes

Why are there so many audit records returned for a simple issue template deletion? If you look at the "Item Changed" column, you can see a whole lot of them. For just this one issue template deletion, there are:

• Class ID
• Database ID
• Issue Description
• Subtype 2 ID
• Subtype 3 ID
• Subtype 4 ID
• Subtype ID
• Issue Type ID
• No Email Notification
• Organization ID
• Priority ID
• Private
• Project ID
• Issue Template Name
• Responsible Department ID
• SubStatus ID

The reason is that, like issues, there are many attributes of an issue template. Those attributes are written to the audit log as they are removed from the database during the deletion of the issue template. Different issue templates often have slightly different sets of fields associated with them, so your mileage may vary when you view the rows listed for such deletions.