Skip to main content

1E 23.11 (SaaS)

Client Activity Record

A description of the benefits of Client Activity Record feature and how the data can be retrieved.

Also known as 1E Inventory.

What is Client Activity Record?

1E clients capture certain types of event data in a local database (Persistent Storage) so that instructions can query later. Data is compressed and encrypted in a way that ensures a very low impact on device performance and security.

Client Activity Record is similar to Windows Task Manager and Perfmon. On Windows client devices 1E continuously captures events, which enables all significant events to be captured as they happen. Other OS use polling, which requires the polling frequency to be regular enough to ensure brief events to be captured.

The type of data captured and is described below and the configuration options for each capture source are described in 1E Client - 1E client settings: Inventory module settings. There are DEXPack instructions for getting and setting these configuration options.

What are the capture sources?

The table below lists the capture sources supported by the Client Activity Record feature, and on which OS they are supported.

Source Name

Description

Windows

macOS

Linux

Solaris

ARP

ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions

3.2

n/a

n/a

n/a

BootPerformance

Windows boot performance metrics.

8.0

n/a

n/a

n/a

DeviceInteraction

User session input metrics (keyboard and mouse activity).

5.1

n/a

n/a

n/a

DevicePerformance

Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance.

This capture source is required by the Experience Analytics application.

5.0

n/a

n/a

n/a

DeviceResourceDemand

Disk, network, memory, and processor performance metrics.

5.1

n/a

n/a

n/a

DNS

DNS resolution queries - the Inventory module captures whenever a DNS address is resolved

2.1

2.1

n/a

n/a

OperatingSystemPerformance

Performance metrics for OS - the metrics executable runs every 4 hours by default

This capture source is required by the Experience Analytics application.

5.0

n/a

n/a

n/a

PerformanceEvent

Distinct events which may be of relevance when diagnosing performance or end-user experience issues.

5.0

n/a

n/a

n/a

Process

Process execution - the Inventory module captures whenever a process starts on the device

2.1

2.1

2.1

2.1

ProcessStabilization

The time taken for a process execution to be considered stable whenever a monitored process starts on the device

3.2

n/a

n/a

n/a

ProcessUsage

A daily summary of the launches and terminations of processes.

The Process Usage capture source is required by the 1E Powered Inventory feature (1E connector).

Note

Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time.

3.2

n/a

n/a

n/a

SensitiveProcess

Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default

This capture source is required by the Experience Analytics application.

5.0

n/a

n/a

n/a

Software

Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device

2.1

2.1

2.1

2.1

SoftwareInteraction

Software process responsiveness and duration of active interaction.

5.1

n/a

n/a

n/a

SoftwarePerformance

Performance metrics for software - Software performance polling is every 10 seconds by default

This capture source is required by the Experience Analytics application.

Aggregated with SoftwarePerformance data:

  • SoftwarePerformance.DiskUsage - Disk related metrics for each running process

  • SoftwarePerformance.ProcessNetworkUsage - Network related metrics for each running process.

5.0

n/a

n/a

n/a

TCP

Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made

2.1

2.1

2.1

n/a

UserUsage

A daily summary of all the logons and logoffs of users.

This capture source is required by the 1E Powered Inventory feature (1E connector).

3.2

n/a

n/a

n/a

How is the data managed?

The data is captured and stored to a local, encrypted persistent store and then periodically aggregated according to an ongoing daily, weekly, monthly window. This means that the data is held securely and the amount of data is minimized while still maintaining its usefulness.

How do I retrieve the data from the 1E Client devices?

1E provides a number of DEXPack instructions that will let you interrogate your 1E Client devices for the data they hold.