Does anyone know if there is a way to track or find out which user enabled a specific patch site?
I can see in the GatherDB log when it was done, but nothing about who enabled it. My audit
file also only shows logins for the day mentioned in the GatherDB log, nothing about actions.
I am very surprised this event did not trigger an audit log entry. Reach out to support to see if they know of a method to produce the audit information in this case.
Additionally, I suggest filing a BigFix Idea (HCL way of saying Request for Enhancement [RFE]) via the BigFix Ideas Portal to add this very audit-worthy logging capability to the server. Personally, I would have expected to see (at a minimum) the following events already to be in the audit log (including the what/when/by whom):