User Guide for Resource Manager Essentials 4.1 (With LMS 3.0)
Chapter 15: Tracking RME Server Changes Using Audit Trail


Tracking RME Server Changes Using Audit Trail


Audit Trail tracks and reports changes that the RME administrator makes on the RME server.

To view the list of RME tasks that trigger an Audit Trail record, see Audit Trail Record.

You can perform the following tasks using the Audit Trail records:

Generate an Audit Trail report

You can track the changes that are performed on the RME server by the RME administrator.

See Generating a Standard Audit Trail Report for the procedure on generating an Audit Trail report.

Purge the Audit Trail records

Purging frees disk space and maintains your Audit Trail records at a manageable size. You can either schedule a periodic purge or perform a forced purge of Audit Trail data.

See Performing Maintenance Tasks for scheduling a periodic purge.

Audit Trail Record

The following RME tasks trigger an Audit Trail record:

Application Name: Install/Migration
Tasks: The following Audit records are logged at the time of migration:
    Device information is migrated
    Syslog message filters are migrated
    Syslog automated actions are migrated
    Enabling the shadow directory
Navigation: Not applicable

Application Name: Change Audit
Tasks: Setting the Purge Policy. An Audit Trail record is logged any time you make a change in the Purge Policy dialog box.
Navigation: Resource Manager Essentials > Admin > Change Audit > Set Purge Policy

Application Name: Change Audit
Tasks: Performing a Forced Purge. An Audit Trail record is logged when a Force Purge job is scheduled.
Navigation: Resource Manager Essentials > Admin > Change Audit > Force Purge

Application Name: Change Audit
Tasks: An Audit Trail record is logged when you:
    Add an automated action.
    Enable or disable the automated actions.
    Edit an automated action.
    Import the automated actions.
    Delete the automated actions.
Navigation: Resource Manager Essentials > Tools > Change Audit > Automated Actions

Application Name: Change Audit
Tasks: An Audit Trail record is logged when you:
    Add an Exception Profile
    Delete the Exception Profiles
    Enable or disable the Exception Profiles
Navigation: Resource Manager Essentials > Tools > Change Audit > Exception Periods

Application Name: Configuration Management—Archive Management
Tasks: An Audit Trail record is logged when you:
    Change the Archive location
    Enable or disable the Shadow directory option
Navigation: Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt

Application Name: Configuration Management—Archive Management
Tasks: An Audit Trail record is logged when you:
    Enable or disable the Periodic Polling option
    Change the Periodic Polling schedule
    Enable or disable the Periodic Collection option
    Change the Periodic Collection schedule
Navigation: Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings

Application Name: Configuration Management—Archive Management
Tasks: Setting up the Archive Purge Policy. An Audit Trail record is logged any time you make a change in the Archive Purge Setup dialog box.
Navigation: Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings

Application Name: Configuration Management
Tasks: Setting up the Transport Protocol Order. An Audit Trail record is logged any time you make a change in the Config Transport Settings dialog box.
Navigation: Resource Manager Essentials > Admin > Config Mgmt (Archive Mgmt, Config Editor, NetShow, and NetConfig)

Application Name: Configuration Management
Tasks: Setting up the Job Policy. An Audit Trail record is logged any time you make a change in the Job Policy dialog box.
Navigation: Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies (Archive Mgmt, Config Editor, NetShow, and NetConfig)

Application Name: Device Management
Tasks: Managing devices in Resource Manager Essentials.
Navigation:
    Resource Manager Essentials > Devices > Device Management > RME Devices
    Resource Manager Essentials > Devices > Device Management > Suspended Devices
    Resource Manager Essentials > Devices > Device Management > Pre-deployed Devices

Application Name: Device Management
Tasks: Deleting devices in Resource Manager Essentials. Also, when a device gets deleted as a result of alias resolution.
Navigation:
    Resource Manager Essentials > Devices > Device Management > RME Devices
    Resource Manager Essentials > Devices > Device Management > Normal Devices
    Resource Manager Essentials > Devices > Device Management > Pre-deployed Devices
    Resource Manager Essentials > Devices > Device Management > Suspended Devices
    Resource Manager Essentials > Devices > Device Management > Conflicting Device Types
    Resource Manager Essentials > Devices > Device Management > Alias Devices

Application Name: Device Management
Tasks: Enabling and disabling these settings in the Device Management Settings window:
    Automatically Manage Devices from Credential Repository
    Verify Device Credentials While Adding Devices
Navigation: Resource Manager Essentials > Admin > Device Mgmt > Device Management Settings

Application Name: Device Management
Tasks: Suspending RME devices.
Navigation:
    Resource Manager Essentials > Devices > Device Management > Normal Devices
    Resource Manager Essentials > Devices > Device Management > Pending Devices
    Resource Manager Essentials > Devices > Device Management > Pre-Deployed Devices

Application Name: Inventory
Tasks: An Audit Trail record is logged when you:
    Create a job for Inventory polling and Inventory collection.
    Edit a scheduled job of Inventory polling and Inventory collection.
    Cancel the scheduled jobs of Inventory polling and Inventory collection.
    Stop the running jobs of Inventory polling and Inventory collection.
    Delete the jobs of Inventory polling and Inventory collection.
Navigation: Resource Manager Essentials > Devices > Inventory

Application Name: Inventory
Tasks: Scheduling an Inventory Polling and Collection Job.
Navigation: Resource Manager Essentials > Admin > Inventory > System Job Schedule

Application Name: Inventory
Tasks: Setting the Inventory Change Filter.
Navigation: Resource Manager Essentials > Admin > Inventory (Inventory Change Filter)

Application Name: Reports
Tasks: Purging Reports Jobs and Archived Reports
Navigation: Resource Manager Essentials > Admin > Reports

Application Name: Software Management
Tasks: Viewing and editing preferences. An Audit Trail record is logged any time you make a change in the View/Edit Preferences dialog box.
Navigation: Resource Manager Essentials > Admin > Software Mgmt > View/Edit Preferences

Application Name: Syslog Analysis
Tasks: Setting up Backup Policy. An Audit Trail record is logged any time you make a change in the Backup Policy dialog box.
Navigation: Resource Manager Essentials > Admin > Syslog > Set Backup Policy

Application Name: Syslog Analysis
Tasks: Setting the Purge Policy. An Audit Trail record is logged any time you make a change in the Purge Policy dialog box.
Navigation: Resource Manager Essentials > Admin > Syslog > Set Purge Policy

Application Name: Syslog Analysis
Tasks: Performing a Forced Purge. An Audit Trail record is logged when a Force Purge job is scheduled.
Navigation: Resource Manager Essentials > Admin > Syslog > Force Purge

Application Name: Syslog Analysis
Tasks: An Audit Trail record is logged when you:
    Add an automated action.
    Enable or disable the automated actions.
    Edit an automated action.
    Import the automated actions.
    Delete the automated actions.
Navigation: Resource Manager Essentials > Tools > Syslog > Automated Actions

Application Name: Syslog Analysis
Tasks: An Audit Trail record is logged when you:
    Create a message filter
    Edit a message filter
    Enable or disable the filters
    Import a filter
    Delete a filter
    Change message filters type from drop to keep and vice versa.
Navigation: Resource Manager Essentials > Tools > Syslog > Message Filters

Application Name: Syslog Analysis
Tasks: An Audit Trail record is logged when you subscribe/unsubscribe to a remote syslog collector.
Navigation: Resource Manager Essentials > Tools > Syslog > Syslog Collector Status

Application Name: System Preferences
Tasks: Viewing and editing System Preferences.
Navigation: Resource Manager Essentials > Admin > System Preferences

Application Name: Loglevel Settings
Tasks: Setting the Loglevels for the Resource Manager Essentials applications.
Navigation: Resource Manager Essentials > Admin > System Preferences > Loglevel Settings

Application Name: Editing Device Attributes
Tasks: Editing the RME device attributes
Navigation: Resource Manager Essentials > Admin > System Preferences > RME Device Attributes



Note: An Audit Trail record is not logged for all tasks performed under this navigation: Resource Manager Essentials > Admin > Approval.


Generating a Standard Audit Trail Report

This option lets you compile a report on all Audit Trail changes that occurred in the network during a specific time period.


Note: View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To generate the Standard Audit Trail Report:


Step 1 Select Resource Manager Essentials > Reports > Report Generator.

The Report Generator dialog box appears.

Step 2 Select Audit Trail from the first drop-down list box.

Step 3 Select Standard Report from the second drop-down list box.

Step 4 Enter the information required to generate the required report:

Field
Description
Date Range

24 Hours

Select this option only if you want to generate a 24-hour report. This report will contain all the Audit Trail data gathered during the last 24 hours.

From

Click on the calendar icon and select the start date.

The From field is enabled only if you have de-selected the 24 Hours check box.

To

Click on the calendar icon and select the end date.

The To field is enabled only if you have de-selected the 24 Hours check box.

Selection Criteria

User Name

Select the user name. This report will be filtered on user names.

Application

Select the name of the application. This report will be filtered on application names.


Step 5 Click Finish.

The Audit Trail Standard report appears in a separate browser window.

If you want to revert to the default values in the Report Generator dialog box, click Reset.


Understanding the Audit Trail Report

The Audit Trail report contains all change information provided by RME applications based on your filter criteria. It contains the following fields.

Table 15-1 Audit Trail Report 

Field
Description

User Name

Name of the person who performed the change. This is the name entered when the person logged in. It can be the name under which the RME application is running, or the name under which the Telnet connection is established.

Application Name

Name of the RME application involved in the network change. For example, ChangeAudit, Device Management, ICServer, NetConfig, NetShow etc.

Server Name

Host name of the RME server.

Creation Time

Date and time at which the changes were performed on the RME server.

Description

Brief summary of the change that occurred on the RME server.


The following buttons are available on the Audit Trail Standard report:

Button
Description

Export to File

(Icon)

You can export this report in either PDF or CSV format.

Print

(Icon)

Generates a format that can be printed.
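
A CSV export of this report can be screened offline for changes that affect retention, syslog collection or log levels. The following is an added example, not part of the Cisco guide: it assumes the export has a header row using the Table 15-1 field names, a Creation Time written as YYYY-MM-DD HH:MM:SS, and Description text that contains the task names from the Audit Trail Record list; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Keywords taken from the tasks this chapter lists as audited. How they are
# worded in the Description column of a real export is an assumption.
WATCH = {
    "retention": ("purge policy", "force purge", "forced purge", "backup policy"),
    "collection": ("message filter", "automated action", "syslog collector"),
    "logging": ("loglevel",),
}

# Constructed sample export; column names follow Table 15-1.
SAMPLE_CSV = """User Name,Application Name,Server Name,Creation Time,Description
admin,ChangeAudit,rme01,2008-03-14 09:12:45,Purge Policy changed: audit trail records older than 30 days
jdoe,Device Management,rme01,2008-03-14 10:02:10,Device 192.0.2.5 added to RME
admin,Syslog Analysis,rme01,2008-03-14 23:40:03,Message filter 'drop-auth' created (type drop)
svc_rme,ICServer,rme01,2008-03-15 01:00:00,Inventory collection job created
admin,ChangeAudit,rme01,2008-03-15 02:15:30,Force Purge job scheduled
"""

def triage(csv_text, time_format="%Y-%m-%d %H:%M:%S"):
    """Return (time, user, application, category, description) for each record
    that touches retention, syslog collection or log levels, oldest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        text = row["Description"].lower()
        for category, keywords in WATCH.items():
            if any(k in text for k in keywords):
                when = datetime.strptime(row["Creation Time"], time_format)
                findings.append((when, row["User Name"], row["Application Name"],
                                 category, row["Description"]))
                break  # one category per record is enough for triage
    return sorted(findings)

def by_user(findings):
    """Count flagged changes per User Name."""
    counts = {}
    for _, user, *_ in findings:
        counts[user] = counts.get(user, 0) + 1
    return counts

if __name__ == "__main__":
    flagged = triage(SAMPLE_CSV)
    for when, user, app, category, desc in flagged:
        print(when.isoformat(" "), user, app, category, desc, sep=" | ")
    print(by_user(flagged))
```

Because the User Name field can hold the account under which an RME application runs, review flagged rows by account role rather than assuming every name is an interactive login.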


Performing Maintenance Tasks

You can either schedule a periodic purge or perform a forced purge of Audit Trail data. This frees disk space and maintains your Audit Trail data at a manageable size.

You can perform these tasks by following this path: Resource Manager Essentials > Admin > Change Audit.

The following sections describe the various tasks which you can perform from Audit Trail:

Setting the Purge Policy

Performing a Forced Purge

Setting the Purge Policy

You can specify a default policy for the periodic purging of Audit Trail data.


Note: View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To set the Audit Trail Purge Policy:


Step 1 Select Resource Manager Essentials > Admin > ChangeAudit > Set Purge Policy.

The Purge Policy dialog box appears in the Periodic Purge Settings pane.

Step 2 Enter the following information:

Field
Description

Purge change audit records older than

Enter the number of days. Only Change Audit records older than the number of days that you specify here will be purged.

The default is 180 days.

See Tracking Network Changes Using Change Audit for further information.

Purge audit trail records older than

Enter the number of days. Only Audit Trail records older than the number of days that you specify here will be purged.

The default is 180 days.

Scheduling

Run Type

You can specify when you want to run the purge job for Change Audit and Audit Trail records.

To do this, select one of these options from the drop down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed. If the 10:00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.

Date

Enter the start date in the dd Mmm yyyy format, for example, 02 Jun 2004, or click on the calendar icon and select the date.

at

Enter the start time, in the hh:mm:ss format (23:00:00).

Job Info

Job Description

The system default job description, ChangeAudit Records - default purge job, is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.



Caution: You might delete data by changing these values. If you change the number of days to values lower than the current values, messages over the new limits will be deleted.

Step 3 Click Save to save the purge policy that you have specified.
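
The scheduling rule and the Caution above can be modelled before a policy change is saved. This is an added example, not part of the Cisco guide: it applies the skip rule from the November example to a Daily job and lists the records that a lower "older than" value would remove. Extending the skip rule to runs that overlap more than one slot is an assumption, and the dates are constructed.

```python
from datetime import datetime, timedelta

def daily_run_starts(first_start, durations):
    """Actual start times of a Daily purge job, given how long each run takes.
    A slot is skipped when the previous instance has not completed before it."""
    starts, slot = [], first_start
    for took in durations:
        starts.append(slot)
        finished = slot + took
        slot += timedelta(days=1)
        while finished >= slot:          # still running at the slot: skip it
            slot += timedelta(days=1)    # assumption: applies to every missed slot
    return starts

def deleted_by_lowering(creation_times, run_time, old_days, new_days):
    """Records that survive a purge at run_time under old_days but are removed
    once the 'older than' value is lowered to new_days."""
    old_cutoff = run_time - timedelta(days=old_days)
    new_cutoff = run_time - timedelta(days=new_days)
    return [t for t in creation_times if old_cutoff <= t < new_cutoff]

if __name__ == "__main__":
    # The guide's example: the November 1 run takes longer than 24 hours.
    runs = daily_run_starts(datetime(2008, 11, 1, 10, 0, 0),
                            [timedelta(hours=25), timedelta(hours=1), timedelta(hours=1)])
    print([r.strftime("%d %b %H:%M") for r in runs])

    # Constructed Creation Time values from an exported Audit Trail report.
    records = [datetime(2008, 5, 1), datetime(2008, 6, 1), datetime(2008, 10, 20)]
    at_risk = deleted_by_lowering(records, runs[1], old_days=180, new_days=30)
    print("lost by lowering 180 -> 30 days:", at_risk)
```

Exporting the Audit Trail report before lowering the value preserves the records this check identifies.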


Performing a Forced Purge

You can perform a forced purge of Audit Trail, as required.


Note: View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To perform an Audit Trail Forced Purge:


Step 1 Select Resource Manager Essentials > Admin > ChangeAudit > Force Purge.

The Purge Policy dialog box appears.

Step 2 Enter the information required to perform a Forced Purge:

Field
Description

Purge change audit records older than

Enter the number of days. Only Change Audit records older than the number of days that you specify here will be purged.

See Tracking Network Changes Using Change Audit for further information.

Purge audit trail records older than

Enter the number of days. Only Audit Trail records older than the number of days that you specify here will be purged.

Scheduling

Run Type

You can specify when you want to run the forced purge job for Change Audit and Audit Trail records.

To do this, select one of these options from the drop down menu:

Immediate—Runs the report immediately.

Once—Runs the report once at the specified date and time.

Date

Click on the Calendar icon and select the start date.

The Date field is enabled only if you have selected Once as the Run Type.

at

Enter the start time, in the hh:mm:ss format (23:00:00).

The At field is enabled only if you have selected Once as the Run Type.

Job Info

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


Step 3 Click Submit for the forced purge to become effective.