Audit Log Configuration for v8.2 and Above

Introduction

The audit log enables you to see actions performed on your managed assets. For example:

  • Changes made to ControlUp’s configuration settings, such as adding a new hypervisor.
  • Remote operations performed on managed assets through ControlUp, such as rebooting a virtual machine or killing a process on a managed computer.

These logs are primarily used in corporate environments. The audit log uploads data to ControlUp cloud or to a SysLog server. By default, the Audit Log is configured to enable centralized auditing. The steps below describe how to activate the Audit Log and its available settings.

Audit Log Settings

Go to the Audit Log page by clicking Audit Log from the Settings ribbon.

  • Enable Centralized Auditing – Enables or disables logging.
    • Fail action if auditing fails – Prevents actions from being executed if the auditing was not completed properly.
  • Send to SysLog Server – Enables you to save to a SysLog server by entering its:
    • IP/hostname – Enter the IP address or hostname of the SysLog server.
    • Port – Enter the port to use to connect to the SysLog server.
    • Protocol – Select the protocol to use to connect to the SysLog server – UDP or TCP.

Once you have finished making changes to the settings, click Apply to save the changes or OK to save the changes and close the window.

Audit Logs Data

For each entry in the audit logs, the following information is stored:

  • Date – Date and time of the event.
  • Origin – The source of the event (Web client, Console, PowerShell, automated action, Insights, etc.).
  • Status – The status of the event (initiated, completed, aborted, error, etc.).
  • Requesting Computer – The hostname or IP address of the computer from which the event was initiated.
  • Requesting User – The user account of the user who initiated the event.
  • Credentials – The user account that was used to execute the command. Note: If this is the same as the Requesting User, this field is left blank.
  • Activity – The type of action that was performed (kill process, add computer, etc.).
  • Details – Additional information that is specific to the command.
  • Object Type – The type of object on which the command was executed.
  • Executing Computer – The name of the object on which the command was executed (computer hostname, hypervisor name, Netscaler name, organization name, username, etc.).
  • Output – The output of the operation.
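
The fields listed above are enough to triage exported audit entries. The following is an added example, not ControlUp code: it resolves the account a command actually ran as (a blank Credentials field means the Requesting User) and flags entries that ran under different credentials, ended in error or aborted, or match a watched activity. It assumes the entries have already been parsed into dictionaries keyed by the field names above; the sample records, account names and the watched-activity list are constructed for illustration.

```python
from collections import Counter


def effective_account(rec):
    """Account the command ran as. A blank Credentials field means it is
    the same as Requesting User (see the Credentials note above)."""
    return rec.get("Credentials", "").strip() or rec["Requesting User"]


def triage(records, watched_activities=("kill process",)):
    """Return (record, reasons) pairs for entries worth an analyst's review.
    watched_activities is an assumed, site-specific list."""
    findings = []
    for rec in records:
        reasons = []
        # Compare case-insensitively in case Credentials is filled in anyway.
        if effective_account(rec).lower() != rec["Requesting User"].lower():
            reasons.append("ran under different credentials")
        if rec["Status"].lower() in ("error", "aborted"):
            reasons.append("status " + rec["Status"].lower())
        if rec["Activity"].lower() in watched_activities:
            reasons.append("watched activity")
        if reasons:
            findings.append((rec, reasons))
    return findings


def actions_per_account(records):
    """Count completed actions by the account that executed them."""
    return Counter(effective_account(r).lower() for r in records
                   if r["Status"].lower() == "completed")


# Constructed sample records (not real ControlUp output).
SAMPLE = [
    {"Date": "2024-01-10 09:00:01", "Origin": "Console", "Status": "completed",
     "Requesting User": "alice@corp.example", "Credentials": "",
     "Activity": "add computer", "Executing Computer": "VDI-017"},
    {"Date": "2024-01-10 09:05:42", "Origin": "Web client", "Status": "completed",
     "Requesting User": "bob@corp.example", "Credentials": "svc-admin@corp.example",
     "Activity": "kill process", "Executing Computer": "VDI-017"},
    {"Date": "2024-01-10 09:07:13", "Origin": "PowerShell", "Status": "error",
     "Requesting User": "alice@corp.example", "Credentials": "ALICE@corp.example",
     "Activity": "add computer", "Executing Computer": "VDI-018"},
]

if __name__ == "__main__":
    for rec, reasons in triage(SAMPLE):
        print(rec["Date"], rec["Requesting User"], rec["Activity"], "->", "; ".join(reasons))
```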

Storing the Audit Logs

The Audit Logs may be stored in the following ways:

  • ControlUp Cloud: This is the default configuration. Once support for the cloud data-store is implemented, it will be possible to view a report in the ControlUp Insights portal. The data is retained in this log for a period of a year after it was first recorded.
  • SysLog: The contents of the SysLog data-store can be viewed using any standard SysLog reader (e.g., Splunk).
