This section describes the audit events available for each administrative element. After you globally enable the audit function, it is necessary to select events to be audited for individual administration elements. This requires opening an element’s properties and selecting audit events on the Audit page. Audit events can be selected for the Administration element and for its child elements.
In the Explorer pane, right-click the element and select Properties.
In the left pane, click Audit.
The Audit option is available only if the element has auditable events.
The Audit property page displays a list of events that can occur for the element. See Section 6.5.3, Administrative Audit Events for more information about each type of event.
Perform one of the following steps:
Click All to select all events.
Select the check box next to an event to enable auditing for the event.
Click None to deselect all check boxes on the Audit page.
Click Apply to save your changes. Audit alarms are generated for the selected audit events.
The global settings displayed at the bottom of the element’s Audit property page are Enable Auditing globally with maximum audit alarms and Enable AuditProfile Globally for Alarms History. Changing these settings on any element’s Audit page affects the entire Operations Center enterprise.
For example, if you deselect the Enable Auditing globally with maximum audit alarms check box, auditing is disabled for all elements and for the entire enterprise. No new audit alarms are generated. Similarly, if you deselect the Enable AuditProfile Globally for Alarms History check box, no additional audit alarms are stored in the Data Warehouse.
Table 6-2 lists the audit events available for each element. It also defines the condition for issuing an audit alarm for each event.
Table 6-2 Audit Event Options
|
Element |
Event |
An Audit alarm is issued when… |
|---|---|---|
|
Access Control |
ACL Update operation performed |
Changes are made to an element’s Access Control property page. |
|
Access Control |
ACL Delete operation performed |
A deletion is made on an element’s Access Control property page. |
|
Adapters |
Adapter Create performed |
An adapter is created. |
|
Adapters |
Adapter Update performed |
Adapter property changes are applied to an adapter. |
|
Adapters |
Adapter Delete performed |
An adapter is deleted. |
|
Adapters |
Adapter Start performed |
An adapter is started. |
|
Adapters |
Adapter Stop performed |
An adapter is stopped. |
|
Adapters |
Adapter’s XMLEditor Save operation performed |
An adapter’s hierarchy XML file is modified and saved by using the Operations Center XMLEditor. |
|
Adapters |
Adapter Seedfile was read |
The Operations Center server reads an adapter’s seedfile. |
|
Adapters |
Adapter script was executed |
The Operations Center server executes an adapter script (Script.on.Error, Script.on.Initialized, Script.onStarted, or Script.onStopped). |
|
Adapters |
Adapter status changed |
The status of an adapter changes (the adapter is started or stopped, a connection was lost, and so on). |
|
Adapters |
Adapter MODL HierarchyFile was processed |
The Operations Center server processes an adapter’s hierarchy file. |
|
Adapters |
Formula Adapter log messages (Adapter messages only) |
An adapter-related log message (any level) is generated and sent to the log file. In the Alarms View, the Description column displays the contents of the logged message. Includes adapter and integration messages. |
|
Adapters |
Formula Adapter ERROR log messages (Adapter error messages only) |
An adapter-related ERROR log message is generated and sent to the log file. To audit only this level of log message, select this check box and deselect the general Formula Adapter log messages check box. |
|
Adapters |
Formula Adapter WARN log messages (Adapter warning messages only) |
An adapter-related WARN log message is generated and sent to the log file. To audit only this level of log message, select this check box and deselect the general Formula Adapter log messages check box. |
|
Adapters |
Formula Adapter INFO log messages (Adapter informational messages only) |
An adapter-related INFO log message is generated and sent to the log file. To audit only this level of log message, select this check box and deselect the general Formula Adapter log messages check box. |
|
Administration |
Script generated Audit Events |
A script executed on the Operations Center server creates an audit event. |
|
Analyses |
Analysis Save operation performed |
An analysis is created or saved from the Performance Analysis dialog box. |
|
Analyses |
Analysis Delete operation performed |
An analysis is deleted. |
|
Audit |
Audit settings updated for an element |
An element’s Audit property page is updated. |
|
Automation |
Automation script was executed |
The Operations Center server executes a server-side automation script. |
|
Calendars |
Calendar Create or Update performed |
A calendar is created or its property pages are edited. |
|
Calendars |
Calendar Delete performed |
A calendar is deleted. |
|
|
Calendar item Add performed |
A new item such as a time definition is added to a calendar. |
|
Calendars |
Calendar item Remove performed |
An item is removed from a calendar’s Calendar property page. |
|
Calendars |
Calendar item Modify performed |
A calendar item is edited. |
|
Console Definitions |
Console Create operation performed |
A console definition is created. |
|
Console Definitions |
Console Update operation performed |
Changes to a console definition are applied. |
|
Console Definitions |
Console Delete operation performed |
A console definition is deleted. |
|
Database Definitions |
Database Create operation performed |
A database definition is created. |
|
Database Definitions |
Database Update operation performed |
Changes to a database definition’s properties are applied. |
|
Database Definitions |
Database Delete operation performed |
A database definition is deleted. |
|
Database Definitions |
Database Enable operation performed |
A database definition is enabled. |
|
Database Definitions |
Database Disable operation performed |
A database definition is disabled. |
|
Database Definitions |
Database schema initialization performed |
A database schema is initialized. |
|
Data Warehouse |
Data Warehouse settings update performed |
Changes to Data Warehouse properties are applied. |
|
Data Warehouse |
Start Data Warehouse operation performed |
The Data Warehouse is started. |
|
Data Warehouse |
Stop Data Warehouse operation performed |
The Data Warehouse is stopped. |
|
Data Warehouse |
Clear Data Warehouse backup queue operation performed |
The Data Warehouse backup queue is cleared. |
|
Data Warehouse |
Service Level Agreement updated |
Changes to an SLA definition are applied. Only applicable if BSLM is licensed. |
|
Data Warehouse |
Global settings changed |
Changes to Data Warehouse global settings are applied. |
|
Groups |
Group Create operation performed |
A new group is created. |
|
Groups |
Group Create operation performed |
A new group is created. |
|
Groups |
Group Update operation performed |
Changes to a group’s properties are applied. |
|
Groups |
Group Delete operation performed |
A group is deleted. |
|
Jobs |
Create Job operation performed |
A job is created. |
|
Jobs |
Edit Job operation performed |
A job’s property pages are updated. |
|
Jobs |
Enable Job operation performed |
The Enable Job command is selected for a job. |
|
Jobs |
Disable Job operation performed |
The Disable Job command is selected for a job. |
|
Jobs |
Enable All Jobs operation performed |
The Enable All Jobs command is selected for the Jobs element. |
|
Jobs |
Disable All Jobs operation performed |
The Disable All Jobs command is selected for the Jobs element. |
|
Jobs |
Delete Job operation performed |
The Delete Job command is selected for a job. |
|
Jobs |
Run Job operation performed |
The Run Job command is selected for a job. |
|
Job |
Job execution status |
A job has been executed. |
|
Operation Definitions |
Operation Create performed |
An operation definition is created. |
|
Operation Definitions |
Operation Update performed |
Changes to an operation definition are applied. |
|
Operation Definitions |
Operation Delete performed |
An operation definition is deleted. |
|
Operation Definitions |
An Operation was performed |
An element or alarm operation is performed. |
|
Profiles |
Profile Create operation performed |
A profile is created. |
|
Profiles |
Profile Update operation performed |
Changes to a profile are applied. |
|
Profiles |
Profile Delete operation performed |
A profile is deleted. |
|
Profiles |
Profile Start Engine operation performed |
The Data Warehouse Engine is started. |
|
Profiles |
Profile Stop Engine operation performed |
The Data Warehouse Engine is stopped. |
|
Profiles |
Profile Start operation performed |
A profile is started. |
|
Profiles |
Profile Stop operation performed |
A profile is stopped. |
|
Profiles |
Profile Stop and Purge Queue operation performed |
The Stop and Purge Queue command is issued. |
|
Profiles |
Performance database queue status update |
The Data Warehouse Engine database queue status changed because it is being filled (increasing severity) or emptied (decreasing severity). |
|
Profiles |
Expression Create operation performed |
A new expression is created. |
|
Profiles |
Expression Update operation performed |
Changes to an expression are applied. |
|
Profiles |
Expression Delete operation performed |
An expression is deleted. |
|
Schedules |
Schedule Create or Update is performed |
The Create Schedule command is selected or a schedule’s Schedule property page is edited. |
|
Schedules |
Schedule Delete is performed |
A schedule is deleted. |
|
Server |
Memory threshold violation messages |
Memory usage exceeds thresholds. |
|
Server |
Log messages (Any non-Adapter messages) |
A server-related log message at any level is generated and sent to the log file. In the Alarms View, the Description column displays the contents of the logged message. Filters out adapter and integration messages. IMPORTANT:Use this option only when absolutely necessary. It can generate a large volume of data and cause problems if the system is logging a large amount of information. |
|
Server |
ERROR log messages (Non-Adapter error messages only) |
To audit only this level of log message, select this check box and deselect the general Log Messages check box. |
|
Server |
WARN log messages (Non-Adapter warning messages only) |
To audit only this level of log message, select this check box and deselect the general Log Messages check box. |
|
Server |
INFO log messages (Non-Adapter informational messages) |
To audit only this level of log message, select this check box and deselect the general Log Messages check box. |
|
Sessions |
Login session created |
A user logs into Operations Center software. |
|
Sessions |
Login session destroyed |
A user logs out of Operations Center software. |
|
Sessions |
Session callback queue status update |
Events in the callback queue request a reply from the client. A flood of events can fill up the queue, and cause the client to hang. Audit events can warn when the callback queue is half full. Add the following to /OperationsCenter_install_path/config/formula.custom.properties to set the maximum number of events that can fill the callback queue before a warning is issued: Server.sessionQueueLength=50000 When the number of events in the callback queue reaches one half of this value, warnings are generated. Audit events can be issued when these warnings are generated. |
|
Time Categories |
Time Categories Update performed |
The Schedules’ element’s Time Categories property page is updated. |
|
Users |
User Create operation performed |
A new user is created. |
|
Users |
User Update operation performed |
Changes to a user’s properties are applied. |
|
Users |
User Delete operation performed |
A user is deleted. |
|
View Builder Repository |
View Builder Import operation performed |
The Import command is issued. |
|
View Builder Repository |
View Builder Export operation performed |
The Export command is issued. |
|
View Builder Repository |
View Builder Run operation performed |
The Run command is issued for a View Builder element. |
|
View Builder Repository |
View Builder’s XMLEditor Save operation performed |
A View Builder’s XML file is saved using the Operations Center XML Editor. |
|
View Builder Repository |
View Builder Delete operation performed |
A View Builder element is deleted. |
|
Web Server |
Web Server Start operation performed |
The Start Web Server command is selected. |
|
Web Server |
Web Server Stop operation performed |
The Stop Web Server command is selected. |
|
Web Server |
Web Server Restart operation performed |
The Restart Web Server command is selected. |