The Jamf Pro server logs each interaction with a recovery key in the jss_audit table. The following information is logged about each interaction:
- audit_who —The Jamf Pro user who interacted with the recovery key.
- audit_when —The epoch of the interaction.
- audit_what —An XML representation of the object that was accessed.
- audit_where —Where it was accessed in the Jamf Pro server.
This allows you to monitor access to FileVault information in Jamf Pro by querying the Jamf Pro database. If you need assistance with querying your Jamf Pro database, or if your environment is hosted in Jamf Cloud, contact Jamf Support .