-
Re: Missing Audit Events?
d09hNov 8, 2017 12:53 PM (in response to rfackrell)
When I've changed settings directly in the database (via RDP session), I've seen the audit trail empty as you've described. Makes sense if you think about it.
-
Re: Missing Audit Events?
rfackrell Nov 8, 2017 1:00 PM (in response to d09h)That does make sense, Scary though, cause NO ONE except myself on one other should be messing around in the DB. Definitely not some person unmanaging stuff. Even a SWQL session leave those with its SWIS Calls.
I'm a relative noob on DBs, is there a way myself or a DBA might be able to track if someone track if that's been done?-
Re: Missing Audit Events?
aLTeReGoNov 8, 2017 1:05 PM (in response to rfackrell)
Is it possible that these objects were unmanaged using the Scheduled Unmanage Utility or via SWIS using the Orion SDK?
-
Re: Missing Audit Events?
rfackrell Nov 27, 2017 11:58 AM (in response to aLTeReGo)1 of 1 people found this helpfulI just got off the phone with SW Support. Turns out one of the users had disabled the Audit Trail. *Facepalm*
Just in case anyone else needed this,
You can check if Audit Tail is enabled by going to All Settings -> Web Console Settings -> Check the Box.
Thanks for everyone's help!
-
-
-
-
Re: Missing Audit Events?
Mike Lomax Dec 13, 2017 8:25 AM (in response to rfackrell)rfackrell the resource you mention and its functionality caught my eye as something that would be helpful in our environment. But I have not been able to figure out what resource you are referring to. Is this something custom for your environment or a canned resource that SolarWinds provides? Would love to hear more details on this.
THANKS
Mike
-
-
Re: Missing Audit Events?
Mike Lomax Dec 13, 2017 9:13 AM (in response to aLTeReGo)Thanks aLTeReGo...
That was what I thought at first. Except he states that the resource he is using also show the schedule times and the Audit Log does not show those. It should, IMHO, but doesn't.
Here is what I get selecting the "Node managed" and "Node unmanage" types:
But wait... If I use the "Node edited" type it does show the times but now also shows all other Node edits which is not what I would want:
I guess what would be helpful in this resource would be to allow for filtering. Then I could filter on the keyword "UnManageFrom" and get what rfackrell is talking about. This would also come in handy
This does seem to be handled much better for Alert Muting Audit Events. With those their are types for "Alerts muted", which shows the schedule, "Schedule for muting alerts changed", which shows the new schedule, and "Alerts unmuted".
Adjusting the Unmanage types to work the same would also provide the desired result. However I still think the ability to filter would better cover all scenarios across all Audit Types.
Still wondering if he is doing something different to only get the unmnage audit events.
Mike
-
Re: Missing Audit Events?
rfackrell Dec 13, 2017 2:16 PM (in response to Mike Lomax)Mike, Yeah we created custom report that shows us the Currently Unmanaged Devices. I think someone else modified some code they found in the community in order to accomplish our goals. I just shared it in the content exchange:
https://thwack.solarwinds.com/docs/DOC-192739
It’s just a SQL Query so it’s possible to edit it however you need. For example, we have a Site Code and a Tech Group Custom Property that we group it by. I took these out of the uploaded version.
-
-
-