Auditing

Citrix Provisioning provides an auditing tool that records configuration actions on components within the provisioning farm, to the provisioning database. The auditing tool provides administrators with a way to troubleshoot and monitor recent changes that might impact system performance and behavior.

Administrator privileges determine the audit information that can be viewed and the menu options that are visible. For example, a Farm Administrator can view all audit information within the farm. This functionality is unlike a Device Administrator who can only view audit information for those device collections for which they have privileges.

Note:

Auditing is off by default. If the provisioning database is unavailable, no actions are recorded.

To enable auditing

  1. In the Provisioning Console tree, right-click on the farm, then select the farm Properties menu option.
  2. On the Options tab, under Auditing, check the Enable auditing check box.

The following managed objects within a Citrix Provisioning implementation are audited:

  • Farm
  • Site
  • Provisioning Servers
  • Collection
  • Device
  • Store
  • vDisks

Recorded tasks include:

  • Console
  • MCLI
  • SOAP Server
  • PowerShell

Accessing auditing information

Auditing information is accessed using the Console. You can also access auditing information using programmer utilities included with the product installation software:

  • MCLI programmer utility
  • PowerShell programmer utility
  • SOAP Server programmer utility

In the Console, a farm administrator can right-click on a parent or child node in the Console tree to access audit information. The audit information that other administrators can access depends on the role they were assigned.

The tree allows for a drill-down approach when accessing the level of audit information needed.

To access auditing information from the console

  1. In the Console, right-click on a managed object, then select the Audit Trail. menu option. The Audit Trail dialog displays or a message appears indicating that no audit information is available for the selected object.
  2. Under Filter Results, select from the filter options, which enable you to filter the audit information based on, for example, user.
  3. Click Search. The resulting audit information displays in the audit table (columns can be sorted in ascending and descending order by clicking the column heading):
    • Action list number: Based on the filter criteria selected, the order the actions took place.
    • Date/Time: Lists all audit actions that occurred within the Start date and End date filter criteria.
    • Action: Identifies the name of the Citrix Provisioning action taken.
    • Type: Identifies the type of action taken, which is based on the type of managed object for which the action was taken.
    • Name: Identifies the name of the object within that object’s type, for which the action was taken.
    • User: Identifies the user’s name that performed the action.
    • Domain: Identifies the domain in which this user is a member.
    • Path: Identifies the parent or the managed object. For example, a Device has a Site and Collection as parents.
  4. To view more details for a particular action, highlight that action’s row within the results table, then click one of the option buttons that follow:
    • Secondary: Any secondary objects that this action affected. This option opens the Secondary dialog, which includes the Type, Name, and Path information. This dialog allows you to drill down to view secondary object actions such as Parameters, Sub Actions, and Changes as described below.
    • Parameters: Any other information used to process the action. This option opens the Parameters dialog, which includes Name (parameter name) and Value (object name) information.
    • Sub Actions: Extra actions that were performed to complete this action. This option opens the Sub Actions dialog, which includes Action, Type, Name, and Path information.
    • Changes: Any new or changed values (such as ‘Description’) associated with the object (such as a target device). This option opens the Changes dialog, which includes Name, Old, and New information.

Archiving audit trail information

The Farm Administrator determines how long to make audit trail information accessible before it is archived.

To configure audit trail archiving

  1. In the Console tree, right-click on the farm, then select Archive Audit Trail. The Archive Audit Trail dialog appears.
  2. Browse to the saved location where audit trail information resides (XML file). The Select File to Archive Audit Trail To dialog opens.
  3. Select the location, then type the name of the new file in the File name text box.
  4. Open the calendar from the End date drop-down menu, then select the date on which the audit trail information should be archived. The default is the current date.
  5. To remove all audit information, select the Remove information archived from the Audit Trail check box. Once the information is removed, it can no longer be accessed directly from Citrix Provisioning. It exists in the XML file.
  6. Click OK.