Client Activity Record
1E clients capture certain types of event data in a local database (refer to Persistent Storage) that instructions can query later. Data is compressed and encrypted in a way that ensures a very low impact on device performance and security.
Client Activity Record, also known as 1E Inventory, is similar to Windows Task Manager and Perfmon. On Windows client devices, 1E continuously captures events, which enables all significant events to be captured as they happen. Other operating systems use polling, which requires the polling frequency to be regular enough to ensure brief events to be captured.
The type of data captured is described below, and the configuration options for each capture source are described in Inventory module settings. There are DEXPack instructions for getting and setting these configuration options.
For more information about the Client Activity Record, refer to Client Activity Record in our SDK documentation.
Capture sources
The table below lists the capture sources supported by the Client Activity Record feature, and on which OS they are supported.
|
Source Name |
Description |
Windows |
macOS |
Linux |
|---|---|---|---|---|
|
ARP |
ARP cache entries: The Inventory module captures the results of cached IP address to physical address resolutions. |
3.2 |
n/a |
n/a |
|
BootPerformance |
Windows boot performance metrics. |
8.0 |
n/a |
n/a |
|
DeviceInteraction |
User session input metrics (keyboard and mouse activity). |
5.1 |
n/a |
n/a |
|
DevicePerformance |
Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network, and processor performance. This capture source is required by the Experience Analytics application. |
5.0 |
n/a |
n/a |
|
DeviceResourceDemand |
Disk, network, memory, and processor performance metrics. |
5.1 |
n/a |
n/a |
|
DNS |
DNS resolution queries: The Inventory module captures whenever a DNS address is resolved. |
2.1 |
2.1 |
n/a |
|
OperatingSystemPerformance |
Performance metrics for OS: The metrics executable runs every 4 hours by default. This capture source is required by the Experience Analytics application. |
5.0 |
n/a |
n/a |
|
PerformanceEvent |
Distinct events which may be of relevance when diagnosing performance or end-user experience issues. |
5.0 |
n/a |
n/a |
|
Process |
Process execution: The Inventory module captures whenever a process starts on the device. |
2.1 |
2.1 |
2.1 |
|
ProcessStabilization |
The time taken for a process execution to be considered stable whenever a monitored process starts on the device. |
3.2 |
n/a |
n/a |
|
ProcessUsage |
A daily summary of the launches and terminations of processes. The Process Usage capture source is required by the 1E Powered Inventory feature (1E connector). Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. |
3.2 |
n/a |
n/a |
|
SensitiveProcess |
Performance metrics for sensitive processes: The metrics executable runs every 4 hours by default. This capture source is required by the Experience Analytics application. |
5.0 |
n/a |
n/a |
|
Software |
Software installs/uninstalls/presence: The Inventory module captures whenever software is installed/uninstalled, and it also captures which software is present on a device. |
2.1 |
2.1 |
2.1 |
|
SoftwareInteraction |
Software process responsiveness and duration of active interaction. |
5.1 |
n/a |
n/a |
|
SoftwarePerformance |
Performance metrics for software: Software performance polling is every 10 seconds by default. This capture source is required by the Experience Analytics application. Aggregated with SoftwarePerformance data:
|
5.0 |
n/a |
n/a |
|
TCP |
Outbound TCP connections: The Inventory module captures whenever an outbound TCP connection is made. |
2.1 |
2.1 |
2.1 |
|
UserUsage |
A daily summary of all the logons and logoffs of users. This capture source is required by the 1E Powered Inventory feature (1E connector). |
3.2 |
n/a |
n/a |
Data management and retrieval
The data is captured and stored to a local, encrypted, persistent store and then periodically aggregated according to an ongoing daily, weekly, or monthly window. This means that the data is held securely, and the amount of data is minimized while still maintaining its usefulness.
1E provides a number of DEXPack instructions that will let you interrogate your 1E Client devices for the data they hold.