Open for Voting

Improve/Expand on audit log tracking

I've had some discussion with fellow MVP's and we all feel the audit log could use a big FR for the things we want to see tracked.

On my list I can think of:

  • who & when a credential is added or removed
    • eg: include module (Credential added to UDT? Credential added to SAM template?)
    • also: credential changed for the actual SQL or Netflow DB (backend/admin) + who + timestamp
  • who & when a component in a view is edited
    • example: when someone hits edit on a component - who & what?
  • When a report is modified in any way
    • eg: who ?
    • was the report description changed?
    • custom properties added?
    • new schedule added or removed from said report?
  • When an alert is modified in any way
    • eg: who modified the alert
    • was the title changed?
    • was the alert criteria changed?
    • was a new trigger added?
    • was a schedule changed?
    • was a node muted?
  • every single action a particular account takes
    • maybe as a toggle option or with a date option? EG: store every action a newly created user account does for the first 30 days. Or a "turn it on for a month starting now" kind of thing?

I'll add more as I discuss this with jbiggley​ and probably every single MVP.

designerfx
Parents

  • The "solution" is to modify NPM to use TACACS.  I get all the requested information from my TACACS servers' logs, plus TACACS either allows or denies access to every device, and to every command on every TACACS-compatible-device, with full logging.

    Now, if only SW would only buy out Cisco and implement awesome compatibility and upgrades and logging and AAA . . .

Comment

  • The "solution" is to modify NPM to use TACACS.  I get all the requested information from my TACACS servers' logs, plus TACACS either allows or denies access to every device, and to every command on every TACACS-compatible-device, with full logging.

    Now, if only SW would only buy out Cisco and implement awesome compatibility and upgrades and logging and AAA . . .

Children
  • in reply to rschroeder

    I only began to appreciate what TACACS does recently. I agree that TACACS style logging is a logical way to summarize a good portion of what I'm looking for, but more or less the point is to track what people have done. Say I went to the summary page, deleted a component, went to a node detail page, why not have a way to trace that and improve workflows for your teams as well as  ensure these things are actually logged in Orion. I see this being as much good UX as security and auditing.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.