I sent this question to support but they told me it is not functionality within bigfix, they told post here if anyone has ideas on how this could be done.
I would like to know if there is a way to track each time an action takes place on a end point with a policy action I have set. For example I have a registry key value set to 1, if an end user changes it to 0 the BigFix client will see this and change it back. So is there a log we can look at (centrally from the console) for events only on that action for that client and each time it happens? Something that would raise a red flag for us is if we see this value always needing to be reset by BigFix and at what time intervals.
For each policy action, the database actually does store how many times the action executed if you have retry enabled. You can see this by double-clicking on “More Action Info” for a specific computer in the action results and you will see it say something like “This action has been run 12 times”.
I imagine this is useful for you in some form, but you have to click on each individual computer to see the results, which makes it less useful… You might ask if there is a way to expose this info in a custom report or in the console, but unfortunately this data is only grabbed when you click on the computer itself and not stored in the BigFix Console session so we can’t query it unless we make direct database calls.
We can give you the way to modify an action so that it increments a registry key every time the action runs and then you would make a property to return the data… This seems like it would work if you had only a couple of policy actions you want to track, but it seems like it wouldn’t work great if you had more than a few.
Actually, I think Ben is mistaken here. I’m not sure if we added the ability to check the reapply count in a recent version or if it has always been there, but you can craft a report around this session relevance query:
(name of action of it, apply count of it, name of computer of it) of results whose (apply count of it > 1) of bes actions
You’ll want to tune the query to look at specific actions, adjust the threshold, and format the result, but that should get you started. Let us know if you need further help.
Hmm… I think you are right… I think the “Time Action Started” and “Time Action Ended” are the pieces of data in the “More Action Info” that are stored in the database and not accessible in the inspectors.