I'm working on a perl library that will, among other things, slurp a family of Custom Properties out of our CRM and into SolarWinds NPM Nodes. I'm noticing that when I use the web interface to manually edit a Custom Property, an Auditing Event appears in the Node Summary widget we have defined for 'Last 5 Audit Events', which selects from all possible event types related to the node. When I run my perl script to edit these same Custom Properties, no Audit Events appear.
From playing in the Message Center, I find that if I do a search for events generated by my own username (using %jlellis% rather than the *jlelllis* I expected) then I do get my own events for actions performed through the web gui. If I do the same search for actions taken by the account I created specifically for use by perl scripts, I get zippo. It appears that nothing done through the perl SDK is being tracked by the Auditing system.
My assumption is that SWIS and/or the SDK has not been updated to automatically create the Auditing Events new in 10.4. For security purposes, I would expect that something beyond the SDK would be responsible for tracking these events. Are there plans to ensure SWIS/SDK operations are also generating appropriate Auditing Events without us having to generate them in our own code?
This seems like an Auditing hole big enough to drive a semi through. I could write a script to destroy our tables and there would be nothing tracking it. Tsk.