Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 12

Report on ALL audit events

As per the title really...

Is there a way to generate a report that includes all audit events? I may just be missing the obvious (again) but I can't see how to say 'all audit events in last x' or do I need to use a custom SQL query, and if so, clues on that please?

Thank you.

0 Kudos
4 Replies

I have posted some examples yesterday. Just remove filter for views and resources and you should get full list of audit events.

It is also possible to see them all via Message Center, just select tick box for audit events only and they should all pop up

Let me know if you want to tune it further - I can help

With Gratitude,
0 Kudos

Hey Alex, and thanks for the reply. I can see a use for that so will probably use it as well. However, my use of words may not be 100% right, especially in Solarwinds and/or DB terms and what is what.

I was really after seeing all the actions such as node down, node up, etc and having those sent in a report on a daily basis. This way we can store the details for longer (my colleagues can be slow in following through on audit inspections / checks / etc) but also, I just find it easier to navigate a static view rather than trying to force a view from the GUI.

I have found in the past, when trying to correlate a specific item going down, and whether we raised an incident to be quite problematic via the GUI, so having these in a 'static' report would be very useful.

So, is my use of audit the wrong word here and perhaps I mean events?

All that said, my fledgling (very) SWQL/SQL skills may be able to utilise your script for this purpose. Can't hurt to try, maybe 🙂

0 Kudos

I advise you to go to Message Center first and understand which exact events you want to output into report. Alerts, Audit Events and Events (such as Node Down) are 3 different things and they are stored in different places in DB. There are many thousands of those in typical database (if not millions in some cases) and I am not sure if it would be useful for you to go through such flat list of events. 

Understand first what exact events you need and then we can work out how you can receive them in a snapshot report

Thanks again Alex.

Me being me, I sort of expected this to have already been requested or a stamndard report exists and I was just missing it. Will go a digging and see what we need.


0 Kudos