Audit Log of Action History of BigFix

We are going to use BigFix for an action that required logging. I am looking for a simple way to track what computers had the specific action applied, the action result, and when it happend. Is there any such function?

Thanks…

Yes, it is found within the ActionHistory.db file.

I think I have an analysis for this somewhere that I never uploaded.

Hello @jgstew, thanks for those examples, they have been very helpful.

I am a bit stuck on how to get the ActionName, IssuedTime and IssuerName, the has the Date and time of IssuedTime in a readable view.
I have seen your example, when you return only the IssuedTime in the SQL query, but do you know a way to do this that also contains ActionName and IssuerName in the SQL Query?

Thanks in advance.

NOTE: the ActionHistory.db by default holds 1 year of history. I recommend increasing this to 5 years to cover the client lifecycle.

I open the SQLite DB in “DB Browser for SQLite” and then just test queries until I get something to return the raw results I want, then I test that query in the Fixlet Debugger in a Relevance Query.

Using “DB Browser for SQLite” I came up with this SQL:

SELECT IssuedTime, IssuerName, ActionName FROM ACTION_HISTORY

The SQLite query with Relevance:

rows of statements "SELECT IssuedTime, IssuerName, ActionName FROM ACTION_HISTORY" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients

This might be the right way to make the IssuedTime human readable:

( (it) * second + "01 Jan 1070" as date ) of ( (it as string as integer) of column 0 of it | 0 ) of rows of statements "SELECT IssuedTime, IssuerName, ActionName FROM ACTION_HISTORY" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients

Similar Queries:

Total Size of FXF files in sites:

rows of statements "SELECT Site_Name,SUM(File_Size) FROM MESSAGEFILE_INFO GROUP BY Site_Name" of sqlite databases of files "SiteData.db" of data folders of clients

Average Eval time for sites:

rows of statements "SELECT SiteName,Stats_TotalEvaluationTime/Stats_NumberOfEvaluations FROM SITEDATA_INFO" of sqlite databases of files "SiteData.db" of data folders of clients