Client Activity Record
A description of the benefits of Client Activity Record feature and how the data can be retrieved.
Also known as 1E Inventory.
What is Client Activity Record?
1E clients capture certain types of event data in a local database (Persistent Storage) so that instructions can query later. Data is compressed and encrypted in a way that ensures a very low impact on device performance and security.
Client Activity Record is similar to Windows Task Manager and Perfmon. On Windows client devices 1E continuously captures events, which enables all significant events to be captured as they happen. Other OS use polling, which requires the polling frequency to be regular enough to ensure brief events to be captured.
The type of data captured and is described below and the configuration options for each capture source are described in 1E Client - 1E client settings: Inventory module settings. There are DEXPack instructions for getting and setting these configuration options.
What are the capture sources?
The table below lists the capture sources supported by the Client Activity Record feature, and on which OS they are supported.
Source Name | Description | Windows | macOS | Linux | Solaris |
|---|---|---|---|---|---|
ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions | 3.2 | n/a | n/a | n/a | |
Windows boot performance metrics. | 8.0 | n/a | n/a | n/a | |
User session input metrics (keyboard and mouse activity). | 5.1 | n/a | n/a | n/a | |
Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance. This capture source is required by the Experience Analytics application. | 5.0 | n/a | n/a | n/a | |
Disk, network, memory, and processor performance metrics. | 5.1 | n/a | n/a | n/a | |
DNS resolution queries - the Inventory module captures whenever a DNS address is resolved | 2.1 | 2.1 | n/a | n/a | |
Performance metrics for OS - the metrics executable runs every 4 hours by default This capture source is required by the Experience Analytics application. | 5.0 | n/a | n/a | n/a | |
Distinct events which may be of relevance when diagnosing performance or end-user experience issues. | 5.0 | n/a | n/a | n/a | |
Process execution - the Inventory module captures whenever a process starts on the device | 2.1 | 2.1 | 2.1 | 2.1 | |
The time taken for a process execution to be considered stable whenever a monitored process starts on the device | 3.2 | n/a | n/a | n/a | |
A daily summary of the launches and terminations of processes. The Process Usage capture source is required by the 1E Powered Inventory feature (1E connector). NoteProcess Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. | 3.2 | n/a | n/a | n/a | |
Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default This capture source is required by the Experience Analytics application. | 5.0 | n/a | n/a | n/a | |
Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device | 2.1 | 2.1 | 2.1 | 2.1 | |
Software process responsiveness and duration of active interaction. | 5.1 | n/a | n/a | n/a | |
Performance metrics for software - Software performance polling is every 10 seconds by default This capture source is required by the Experience Analytics application. Aggregated with SoftwarePerformance data:
| 5.0 | n/a | n/a | n/a | |
Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made | 2.1 | 2.1 | 2.1 | n/a | |
A daily summary of all the logons and logoffs of users. This capture source is required by the 1E Powered Inventory feature (1E connector). | 3.2 | n/a | n/a | n/a |
How is the data managed?
The data is captured and stored to a local, encrypted persistent store and then periodically aggregated according to an ongoing daily, weekly, monthly window. This means that the data is held securely and the amount of data is minimized while still maintaining its usefulness.
How do I retrieve the data from the 1E Client devices?
1E provides a number of DEXPack instructions that will let you interrogate your 1E Client devices for the data they hold.