Auditing
Provisioning Services provides an auditing tool that records configuration actions on components within the Provisioning Services farm, to the Provisioning Services database. This provides administrators with a way to troubleshoot and monitor recent changes that might impact system performance and behavior.
The Provisioning Services administrator privileges determine the audit information that can be viewed and the menu options that are visible. For example, a Farm Administrator can view all audit information within the farm, unlike a Device Administrator whom can only view audit information for those device collections they have privileges to.
Auditing is off by default. To enable it:
- In the Console tree, right-click on the farm, then select the farm Properties menu option.
- On the Options tab, under Auditing, check the Enable auditing check box.
Note: If the Provisioning Services database is unavailable, no actions are recorded.
The following managed objects within a Provisioning Services implementation are audited:
- Farm
- Site
- Provisioning Servers
- Collection
- Device
- Store
- vDisks
Only tasks performed from one of the following Provisioning Services utilities are recorded:
- Console
- MCLI
- SOAP Server
- PowerShell
Accessing auditing information
Auditing information is accessed using the Console. You can also access auditing information using programmer utilities included with the product installation software:
- MCLI programmer utility
- PowerShell programmer utility
- SOAP Server programmer utility
In the Console, a farm administrator can right-click on a parent or child node in the Console tree to access audit information. The audit information that other administrators can access depends on the role they were assigned.
The tree allows for a drill-down approach when accessing the level of audit information needed.
To access auditing information from the Console
- In the Console, right-click on a managed object, then select the Audit Trail… menu option. The Audit Trail dialog displays or a message appears indicating that no audit information is available for the selected object.
- Under Filter Results, select from the filter options, which enable you to filter the audit information based on, for example, user.
- Click Search. The resulting audit information displays in the audit table:
Note: Columns can be sorted in ascending and descending order by clicking on the column heading.
-
Action list number
Based on the filter criteria selected, the order the actions took place.
-
Date/Time
Lists all audit actions that occurred within the Start date and End date filter criteria.
-
Action
Identifies the name of the Provisioning Services action taken.
-
Type
Identifies the type of action taken, which is based on the type of managed object for which the action was taken.
-
Name
Identifies the name of the object within that object’s type, for which the action was taken.
-
User
Identifies the user’s name that performed the action.
-
Domain
Identifies the domain in which this user is a member.
-
Path
Identifies the parent(s) or the managed object. For example, a Device will have a Site and Collection as parents.
-
-
To view additional details for a particular action, highlight that action’s row within the results table, then click one of the option buttons that follow:
Option Description Secondary Any secondary objects that this action affected. This opens the Secondary dialog, which includes the Type, Name, and Path information. This dialog allows you to drill down to view secondary object actions such as Parameters, Sub Actions, and Changes as described below. Parameters Any other information used to process the action. This opens the Parameters dialog, which includes Name (parameter name) and Value (object name) information. Sub Actions Additional actions that were performed to complete this action. This opens the Sub Actions dialog, which includes Action, Type, Name, and Path information. Changes Any new or changed values (such as ‘Description’) associated with the object (such as a target device). This opens the Changes dialog, which includes Name, Old, and New information.
Archiving audit trail information
The Farm Administrator determines how long to make audit trail information accessible before it is archived.
To configure audit trail archiving:
- In the Console tree, right-click on the farm, then select Archive Audit Trail….The Archive Audit Trail dialog appears.
- Browse to the location where audit trail information will be saved (XML file). The Select File to Archive Audit Trail To dialog opens.
- Select the location, then type the name of the new file in the File name text box.
- Open the calendar from the End date drop-down menu, then select the date on which the audit trail information should be archived. The default is the current date.
- To remove all audit information, select the Remove information archived from the Audit Trail check box . Once the information is removed, it can no longer be accessed directly from Provisioning Services. It will only exist in the XML file.
- Click OK.