6.3 Administration Events that Can Be Audited

The elements that can be monitored are accessible under the Administration root element in the Explorer pane.

Audit alarms can be generated for most Administration elements. Table 6-1 describes the administration features with auditing options.

Table 6-1 Administration Features with Auditing Options

Administration Feature



Tracks when a script executed on the Operations Center server creates an Audit event.


Tracks creating, deleting, updating, starting and stopping adapters; storing log information; executing scripts; reading seedfiles; processing hierarchy files; and, changing adapter status.

Audit Definitions

Tracks changes made in enabling or disabling audit functions globally and storing audit data in the Event Data Store.


Tracks server-side script executions and errors.

Calendars, Schedules

Tracks creating, updating, and deleting calendars and schedules, and adding, removing, and updating calendar items.

Console Definitions

Tracks creating, deleting, and updating definitions.

Database Definitions

Tracks creating, updating, deleting, enabling, disabling, and reinitializing the schema.

Data Warehouse

Tracks updating the Warehouse properties, starting and stopping the Warehouse engine, and clearing the backup repository queue, as well as changes to SLA definitions (if BSLM is licensed).


Tracks creating, updating, enabling, deleting, and running jobs.

Operation Definitions

Tracks creating, deleting, updating, and executing operations.

Profiles and Expressions

Tracks the creating, updating, and deleting profiles and expressions, as well as starting and stopping profiles and purging the queue of data not yet written to the database.

Saved Analyses

Tracks saved and deleted analyses (Analyses are available if BSLM is licensed).


Tracks changes to users, groups, and access control permissions.


Tracks configuration storage messages, log messages (nonadapter based), and server memory violation messages. Auditing of server log messages can cause significant increases in the amount of audit data stored.

Time Categories

Tracks updating time categories.

User Sessions

Tracks users logging in or logging out, and the callback queue status.

View Builder Repository

Tracks updating, importing, exporting, deleting, and executing View Builder files.

Web Server

Tracks starting, stopping, and restarting the Web server, as well as updating and restoring the Portal, and removing archived portal configurations.

The following figure shows audit events for the Sessions element. The audit identifies various warnings for memory thresholds and changes to audit settings for the Operations Center server.

Figure 6-1 Alarms View

Audit alarms provide columns of information described in Section 6.7, Viewing Audit Events.

To enable and use Audit features:

  1. Enable audit functions globally and set the maximum number of audit alarms to store in memory.

    By default, auditing is disabled. Optionally enable storing audit events in the Service Warehouse to maintain a historical record. See Section 6.4, Globally Enabling Auditing and Storage of Audit Events.

  2. Select the events to be audited for individual elements. See Section 6.5, Auditing Administration Elements.

  3. View audit alarms by using the Alarms view. See Section 6.7, Viewing Audit Events.