The Pandora's system audit shows all the actions performed by each user, as well as the failed logins. In the actual version of Pandora the system audit includes actions that somehow try to by pass the security system: attempts to delete an incident by an unauthorised user, attemps to change user profiles by unauthoried users, etc. Its main function is, however, to trace the user connections (login/logout). The audit Logs can be found in the System Audit option of the Administration menu, ordered chronologicly. Filters can be applied to the Logs displayed to show only those of interest for the user, selected by the action the Log produces. The selectable actions are those actions stored in the Data Base at that time. The following fields display the Audit Logs information: User: User that triggerd the event (SYSTEM isspecial user of the system). Action: Action generated by the entry in the log. Date: Date of the entry in the log. Source IP: IP of the machine or the agent that provoked the entry. Comment: Comment describing the entry There isn't a special section to view system audit statistics. However, we could use a graph generated in the Users section to evaluate the actions of each user, as this graph would represent the total number of entries in the audit log for each one: the more active the user is the higher the number of entries. The graph will also show entries of invalid users, i.e., those entries generated by failed attemps to log in.