This document describes where the Audit and Security Command Center Audit Log Viewers obtain their data.
The Audit Log Viewer GUI will obtain its data only from the SEOSDATA table. Reports can be run off both the SEOSDATA and the AuditExtendString table. The AuditExtendString table is only updated if using the Post Collection Utility(PCU) and is normally used in relatively smaller environments.
Security Command Center log viewers can be configured to obtain data from either the SEOSDATA table or the Table Collectors. Each configured Table Collector has its own table built off the raw data in SEOSDATA. The Table Collector tables will be located in the Audit database. Security Command Center interfaces with the Audit data using the same ODBC connection as Audit uses to insert events into the database.