A guide to Service Desk auditing.

Document ID : KB000054528
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Service Desk can the audit changes made to several tables. This document will explain how to implement this, and what you should expect to see in the audit information.

Solution:

Auditing in Service Desk is implemented when Service Desk is installed, but it isn't turned on by default. To turn auditing on, you need to install the relevant options:

  1. Log into Service Desk as an Administrator

  2. Select the "Administrator" tab.

  3. Expand the "Options" leaf.

  4. Expand the "Audit Log" leaf.

  5. Install the appropriate option:

    • audit_ins - Audit any insert operations. Insert this to be able to find out when a new record is inserted.

    • audit_upd - Audit any update operations. Insert this to be able to find out when a new record is updated.

  6. Restart Service Desk.

Auditing monitors the following Service Desk objects:

  • Data Partitions (dmn and dcon objects)

  • Issues (iss object)

  • Change Orders (chg object)

  • Requests/Incidents/Problems (cr object)

  • Contacts and Groups (cnt object)

  • Configuration Items (nr object)

Once auditing is enabled, every time a row is inserted or updated (depending on which auditing options are installed) in an audited table. To see the inserts and updates which have been audited:

  1. Log into Service Desk as an Administrator

  2. Select the "Administrator" tab.

  3. Expand the "Service Desk" leaf.

  4. Select the "Audit Log List" option.

This shows the list of inserts and/or updates which have been audited. In the list below, you can see:

  • The creation of a new request/incident/problem. The ticket type isn't visible, since it simply shows a row being inserted into the "cr" table.

  • The update of a request/incident/problem. The "Assignee" field was changed, as you can see in the second line. The third line represents the "Time Spent" field being updated.

  • This isn't done explicitly by the user; it's an implicit change which is done by Service Desk.

  • The update of a request/incident/problem. The "Category" field was changed, as you can see in the second line. Again, the next line represents the "Time Spent" field being updated by Service Desk.

  • The update of a change order, changing the status from "RFC" to "Approval in progress".

  • A change to one of the data partition constraints in a data partition definition. This is represented by an update to the dcon object, which holds the data partition constraint definitions.

  • The update of the status of a data partition definition, changing it to inactive. This is represented by an update to a different object, dmn, which holds the data partition definitions.
    Figure 1

Note that auditing only takes place if the object which is being audited (see the bulleted list above) is edited. It is possible to make changes to these objects without editing the object itself. Examples of this are:

  • Inserting a workflow task into a change order.

  • Adding a CI to a change order.

  • Removing a data partition constraint from a data partition definition (by right-clicking on the data partition constraint in the list and selecting "Delete Condition")