Sysload: How to configure Audit Trail on Management Server

Document ID : KB000104567
Last Modified Date : 05/07/2018
Show Technical Document Details
Introduction:

The Audit trail feature enables user's Console actions to be recorded in an audit trail.
Actions such as Console Object creation, Alert deployment, Monitored Object registration can be recorded. 

To exploit the audit trail reports feature use Sysload Analyst Rich Client (formerly Sysload Analyst Console).
Refer to Sysload Analyst Rich Client (formerly Sysload Analyst Console) Administrator Guide for further information.

Question:
How to configure Audit Trail on Management Server ?
Environment:

Audit trail configuration is made via the Management Server configuration file ("sldmgts.ini"). By default, this is located here:

  • Windows: "C:\Program Files\Sysload\sldmgts\sldmgts.ini"
  • UNIX: "/usr/local/sysload/sldmgts/sldmgts.ini"
Answer:

The "AuditTrail" parameter is configured so that all information is stored into a single log called "audittrail_default.csv", daily archives made at midnight, 8 previous archives are kept, with a maximum of 2000KB for the files.

[General]

EnableAuditTrail=1

[AuditTrail]

LogDirectory=C:\Program Files\Sysload\sldmgts\audittrail
LogFileName=audittrail_default.csv
LogRotatePeriod=day(1)
LogRotatePeriodReference=00:00:00
LogRotateMaxFileSizeKb=2000
LogRotateKeepFileCount=8
LogRotateDirectory=C:\Program Files\Sysload\sldmgts\audittrail
LogFieldSeparator=,

Additional Information:
 Console Actions Logged
 

Type

Sub-types

Example Action Types

INFO

INFO

General Information

ADMINISTRATION

INFO, SERVER, DATABASE

Backup/Restore

ACCESS

INFO, LOGIN, SLDAPI

Actions such as user login/logout that involve a connection to the Management Server.

AGENT

INFO

Deployment of Enterprise and local Entities

Deployment of Enterprise and local Alerts

Clean-up of Duplicate Entities and Alerts

Starting and Stopping of Agents.

MSOBJECTS

INFO, ACL

Actions logged are related to modifications made in the Management Server database: for example Workspace, Group, Views, Dashboards, MO Registration, Enterprise Models, Rights (Agent/User etc.) Portal Eligibility.

The above "Action Types" column is not an exhaustive list however types listed are the most common actions.

For a full description of Console and Management Server Audit trail log messages refer to documentation.

Types and sub-types are used in the keywords "ExcludeAuditSubtypes ", "AuditTypes", "AuditSubtypes", "IncludeAuditTypes", "IncludeAuditSubtypes", "ExcludeAuditTypes".


Details extracted from documentation, available at this location