By default, auditing is disabled. To use auditing, enable the audit function globally.
In the Explorer pane, expand the Enterprise root element > Administration > Server.
Right-click the Audit element and select Properties.
In the left pane, click Audit.
In the Audit property page, select Audit settings updated for an element.
Select Enable Auditing globally with maximum audit alarms.
When this option is not selected, auditing stops, but the data collected is retained.
Perform one of the following steps to determine the maximum number of alarms to retain in memory:
Type the number of alarms to retain in memory in Maximum Audit Alarms. When the maximum number is reached, the oldest audit alarms are removed from memory based on a first in/first out basis. The default number is 500.
Select Unlimited Alarms to retain all audit alarms in memory. This option allows monitoring activity without accessing alarm history. This option should only be used for short term, limited use.
WARNING:Using a high value for Maximum Audit Alarms or selecting the Unlimited Alarms option might cause the Operations Center server to run out of memory. When the server runs out of memory, a message displays and all alarm information currently in memory is lost. Operations Center recommends a strategy of setting a low value (such as 500) for the maximum number of alarms and storing the audit alarm history in the Event Data Store (use the Enable AuditProfile Globally for Alarms History option). Audited alarms are then saved and no information is lost if there is a system failure.
Select Enable AuditProfile Globally for Alarms History to automatically store audit alarms in the Event Data Store.
To facilitate storing audit alarms, a profile named AuditProfile is automatically created and configured with an alarm expression that captures alarm history, and uses a schedule named AuditProfileSchedule, which is also created automatically.
The matches for the AuditProfile are completed automatically by using a DName matcher against the Administration element, to capture selected events for all Administration elements.
Settings for the AuditProfile, AuditProfileExpression, and AuditProfileSchedule default definitions are not editable. However, data retention settings for the AuditProfile can be modified. Significant data storage might be required depending on the amount and type of audit data retained. It is recommended that the AuditProfile data retention setting be configured to a reasonable amount of time (the default is 30 days).
To create and configure a custom profile for capturing audit data or to not store audit alarm history in the Event Data Store, do not select this check box.
Click Apply to save and activate the audit selections.
The two check boxes that control global auditing can be modified in multiple places in Operations Center software. The Enable Auditing globally with maximum audit alarms or Enable AuditProfile Globally for Alarms History settings can be modified in an individual element’s Audit Properties page.
WARNING:If the Service Warehouse is not available, none of the audit events in the queue are retained.
The Audit element found under Administration, Server provides two menu commands for supporting global audit settings for audit-related alarms.
In the Explorer pane, expand the Administration root element > Server.
Right-click the Audit element, then select Set Audit Max Alarms, then select one of the following options:
|
Maximum Audit Alarms |
Description |
|---|---|
|
100, 500, 1000, or 5000 |
Specifies the maximum number of alarms. If auditing is disabled, selecting any alarm value (other than No Alarms) enables auditing. |
|
No Alarms |
Disables auditing. |
|
Unlimited Alarms |
Monitors Operations Center software activity without accessing alarm history. Do not select this option during normal operation because the server might lock up if a large number of actions are audited, and the server eventually runs out of memory. |
Right-click the Audit element and select Set Audit Alarm History.
Select the AuditProfile to capture the alarms for historical purposes. Data retention on this profile defaults to 30 days.
When Set Audit Alarm History is not selected, the AuditProfile stops storing audit alarms for historical purposes.
Audit events are not selected by default even when global auditing is enabled.