Audit History Recommendations

I’ve seen a lot of posts talking about keeping an audit history of stopped/expired/deleted actions, as well as other changes. But none go into much detail. I’m hoping anyone that’s created a homebrew audit data warehouse could tell me - in general - how they went about it. I’m guessing anyone that’s gone through this will probably have links to resources that were helpful, considering a solution needs to be customized.

Types of historical information we need to retain:

  • All past action information (start/stop time, targets, results, issued by, etc.)
  • Deleted actions (which user deleted it, when, and the information from above)
  • What changes were made to fixlets, baselines, server automation plans, analyses, and who made them
  • Record of removed computers (when, what, and by whom)
  • Any other changes that could potentially be made

I know, tall order. But we’re managing over 3,500 computers in a multi-tenant environment (mostly Windows servers, but some Linux as well). So, there’s a large number of techs, most of whom have to be master operators. Most posts I found here simply say things like “Use the API to query the database”. But they never go into how/where to store it, how to automate the process, etc. Any help/advice would be greatly appreciated.

On a side note, if you want a native solution, you should go and vote for this RFE from the most recent archiving post I found:

https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=127380
