eG Administration 
 

Auditing Changes Effected using the eG User Interface

An audit log can be best described as a simple log of changes, typically used for tracking temporal information. The eG manager can now be configured to create and maintain audit logs in the eG database, so that all key configuration changes to the eG Enterprise system, which have been effected via the eG user interface, are tracked.

The eG audit logs reveal critical change details such as what has changed, who did the change, and when the change occurred, so that administrators are able to quickly and accurately identify unauthorized accesses/modifications to the eG Enterprise system.

By default, audit logging is disabled. To enable the capability, follow the steps given below:

  • Log in to the eG administrative interface.
  • Click on the icon available in the Admin tab. Then, select the Manager option in the Settings tile. Now select the Audit option from the Manager Settings tree.
  • In the AUDITLOG section of the page, set the Enable auditlog flag to Yes.
  • Click the Update button to save the changes.

Subsequent to this, every configuration change that the user makes will be automatically logged in the database. To view the details logged and analyze their implications, eG Enterprise provides an exclusive Audits menu in its administrative interface, using which you can generate a variety of AUDIT LOG REPORTS.

Auditing Changes Effected using the eG Admin Interface

Using the Admin option of this Audits menu, you can generate audit log reports that enable an administrator to keep tabs on critical configuration changes made using the eG admin interface. These changes could be password changes, test parameter changes, new server additions, threshold changes etc., which can significantly alter the way the eG Enterprise system performs monitoring. Sometimes, these configuration changes, if not done properly or if carried out by unauthorized/unqualified personnel, can cause the eG Enterprise system to generate false alerts and perform inaccurate diagnosis. As these Admin reports reveal what admin settings were modified by which user, along with the details of the original settings, they greatly help administrators in quickly identifying and rectifying errors (if any) in configuration.

To generate the Admin related audit log reports, do the following:

  • Select a Timeline for the report. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end to register the changes.
  • Next, select the User whose admin activities you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the configuration changes effected by all users to the eG administrative interface. However, if only one user has actively used the eG administrative interface till date, then, by default, that user's name is displayed in the User list.
  • Administrators can configure the target environment for monitoring by logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures those configuration changes that are effected via the web-based eG administrative interface, but also logs those activities that are performed via the eG Admin Command Line Interface.

    While generating audit log reports, you can view changes across both these interfaces, or only those changes that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view those changes that were effected only via the eG web interface;
    • Command Line: Select this option to view those changes that were effected only via the eG command line interface;
    • All: Select this option to view all changes, regardless of interface.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the AUDITLOG section of the MANAGER SETTINGS page to No. In that case, the Interface drop-down list will not appear on this page.

    Note:

    The eG command line interface can currently be used only for administering the eG manager - i.e., for performing a few administrative tasks such as adding/managing components, configuring external agents/remote agents, assigning agents to secondary manager in a redundant manager setup, etc. Hence, the Interface option is currently relevant to the Admin Audit log Reports, and not the Monitor, Reporter, and Configuration Management Audit Log Reports.

  • The Host IPs list displays all the IP addresses from which the chosen user(s) has accessed the eG administrative interface. If you are looking for information on the admin accesses from specific IPs, select those IP addresses alone from the Host IPs list.
  • After the selection, the Modules list will be populated with those admin modules that the chosen user(s) worked with while accessing the eG admin interface from the selected Host IPs. If you want the details of changes that the user made in specific admin modules, select those modules alone from the Modules list.
  • Based on the Modules selection, the Activities list will be populated. While working with the eG admin interface, the selected user(s) might have performed a few specific operations on the chosen Modules. eG Enterprise automatically discovers the operations that correspond to the chosen user-host IP-module combination from the audit logs, and populates the Activities list with the operations so discovered. If you want the details of specific activities only, select the required options alone from the Activities list.
  • Finally, click the Show button to generate the report.
  • The resulting report provides the following details:

    • the date/time of the change
    • the name of the user who made the change
    • the IP address of the host from which the user accessed the eG admin interface
    • the module that was accessed by the user
    • the specific operation/activity that was performed by the user on that module
    • the interface type used - whether web interface or command line interface
    • the detailed description of the change, followed by a snapshot of the settings prior to the change, and the settings after the change; if a configuration has been newly introduced (e.g., a server has been newly managed), then only the Current Settings will be displayed.

    Note:

    • By default, every change record that the report displays will be accompanied by the Current and Previous configuration settings. This can sometimes clutter the report view, making it difficult for you to read and analyze the report. You can therefore hide both these columns from the report by setting the ShowChanges parameter in the [AUDIT_LOG_SETTINGS] section of the eg_ui.ini file (in the <EG_INSTALL_DIR>\manager\config directory) to No.

    • In a redundant setup, the auditlog report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.

  • If the report runs across pages, then the hyperlinked page numbers and the First, Next, Prev, and Last links at the bottom of the page will aid navigation.
  • You can print the report by clicking on the icon in this page, or save the report as a PDF file by clicking on the icon. You can even save the report as a CSV file by clicking on the icon here.

Note:

If the threshold for a measure is changed to -/-/-, then the Current Settings column of the Audit Log Report will indicate that the threshold has changed to none.
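The report fields listed above can be reviewed offline once the report is saved as a CSV file. The following is an added example, not eG Enterprise code: the column headings, the sample rows, the approved user and network lists, and the assumption that a threshold changed to -/-/- appears as the word "none" in the Current Settings cell are all constructed for illustration and must be matched to your own export.

```python
import csv
import io
import ipaddress
import re

# ASSUMED column headings, modelled on the report fields listed above.
# Match them to the header row of your own CSV export before use.
COL_TIME, COL_USER, COL_IP = "Date/Time", "User", "Host IP"
COL_MODULE, COL_ACTIVITY = "Module", "Activity"
COL_CURRENT = "Current Settings"
REQUIRED = (COL_TIME, COL_USER, COL_IP, COL_MODULE, COL_ACTIVITY)

# Constructed sample export (illustrative rows, not real eG output).
SAMPLE_CSV = """\
Date/Time,User,Host IP,Module,Activity,Interface,Description,Previous Settings,Current Settings
2024-03-04 09:12:41,admin,10.20.1.15,Thresholds,Modify,Web,Threshold changed for Cpu utilization,-/90/80,-/95/85
2024-03-04 23:47:03,jsmith,192.168.77.9,Thresholds,Modify,Web,Threshold changed for Disk busy,-/90/80,none
2024-03-05 02:10:19,admin,10.20.1.15,Components,Add,Command Line,Component added,,host=web07
2024-03-05 02:31:55,svc_backup,10.20.1.15,Users,Modify,Web,Password changed for user admin,****,****
"""


def _cell(row, col):
    """Return a trimmed cell value, tolerating short or ragged rows."""
    return (row.get(col) or "").strip()


def review_audit_export(csv_text, approved_users, approved_networks):
    """Return (findings, settings_present) for one exported audit log report."""
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = reader.fieldnames or []
    missing = [c for c in REQUIRED if c not in fields]
    if missing:
        raise ValueError(f"export lacks expected columns: {missing}")

    # If the settings columns are not in the export (for instance, hidden from
    # the report view), the threshold check is skipped and the caller is told.
    settings_present = COL_CURRENT in fields
    users = {u.lower() for u in approved_users}
    nets = [ipaddress.ip_network(n) for n in approved_networks]

    findings = []
    for record, row in enumerate(reader, start=1):
        reasons = []
        if _cell(row, COL_USER).lower() not in users:
            reasons.append("user not on approved list")
        try:
            addr = ipaddress.ip_address(_cell(row, COL_IP))
            if not any(addr in net for net in nets):
                reasons.append("host IP outside approved networks")
        except ValueError:
            reasons.append("host IP missing or unparseable")
        # Assumption: a threshold changed to -/-/- shows the word "none" here.
        if settings_present and re.search(r"\bnone\b", _cell(row, COL_CURRENT), re.I):
            reasons.append("threshold changed to none")
        if reasons:
            findings.append({
                "record": record,
                "time": _cell(row, COL_TIME),
                "user": _cell(row, COL_USER),
                "host_ip": _cell(row, COL_IP),
                "module": _cell(row, COL_MODULE),
                "activity": _cell(row, COL_ACTIVITY),
                "reasons": reasons,
            })
    return findings, settings_present


if __name__ == "__main__":
    found, has_settings = review_audit_export(
        SAMPLE_CSV, {"admin", "jsmith"}, ["10.20.1.0/24"])
    if not has_settings:
        print("note: settings columns absent, threshold check skipped")
    for f in found:
        print(f["record"], f["time"], f["user"], f["host_ip"],
              f["module"], f["activity"], "; ".join(f["reasons"]))
```
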

Auditing Changes Effected using the eG Monitor Interface

Using the Monitor option of this Audits menu, you can generate audit log reports that enable an administrator to track user activities on the eG monitoring console, and to accurately detect changes wrongly made and the user responsible for the same. These reports are critical too, because changes that are implemented carelessly in the monitoring interface - for instance, alarms deleted unknowingly, alarms unacknowledged by mistake, etc. - can only add to an administrator's confusion and delay problem resolution.

To generate the Monitor related audit log reports, do the following:

  • Select a Timeline for the report. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end to register the changes.
  • Next, select the User whose monitoring activities you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the configuration changes effected by all users to the eG monitoring console. However, if only one user has actively used the eG monitor interface till date, then, by default, that user's name is displayed in the User list.
  • Administrators can configure the target environment for monitoring by logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures those configuration changes that are effected via the web-based eG administrative interface, but also logs those activities that are performed via the eG Admin Command Line Interface.

    While generating audit log reports, you can view changes across both these interfaces, or only those changes that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view those changes that were effected only via the eG web interface;
    • Command Line: Select this option to view those changes that were effected only via the eG command line interface;
    • All: Select this option to view all changes, regardless of interface.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the AUDITLOG section of the MANAGER SETTINGS page to No. In that case, the Interface drop-down list will not appear on this page.

    Note:

    The eG command line interface can currently be used only for administering the eG manager - i.e., for performing a few administrative tasks such as adding/managing components, configuring external agents/remote agents, assigning agents to secondary manager in a redundant manager setup, etc. Hence, the Interface option is currently relevant to the Admin Audit log Reports, and not the Monitor, Reporter, and Configuration Management Audit Log Reports.

  • The Host IPs list displays all the IP addresses from which the chosen user(s) has accessed the eG monitor interface. If you are looking for information on the accesses from specific IPs, select those IP addresses alone from the Host IPs list.
  • After the selection, the Modules list will be populated with those monitor modules that the chosen user(s) worked with while accessing the eG monitoring console from the selected Host IPs. If you want the details of changes that the user made in specific modules in the monitor interface, select those modules alone from the Modules list.
  • Based on the Modules selection, the Activities list will be populated. While working with the eG monitor interface, the selected user(s) might have performed a few specific operations on the chosen Modules. eG Enterprise automatically discovers the operations that correspond to the chosen user-host IP-module combination from the audit logs, and populates the Activities list with the operations so discovered. If you want the details of specific activities only, select the required options alone from the Activities list.
  • Finally, click the Show button to generate the report.
  • The resulting report provides the following details:

    • the date/time of the change
    • the name of the user who made the change
    • the IP address of the host from which the user accessed the eG monitor interface
    • the module that was accessed by the user
    • the specific operation/activity that was performed by the user on that module
    • the interface type used - whether web interface or command line interface
    • the detailed description of the change, followed by a snapshot of the settings prior to the change, and the settings after the change; if a configuration has been newly introduced (e.g., a quick insight view was newly created), then only the Current Settings will be displayed.

    Note:

    • By default, every change record that the report displays will be accompanied by the Current and Previous configuration settings. This can sometimes clutter the report view, making it difficult for you to read and analyze the report. You can therefore hide both these columns from the report by setting the ShowChanges parameter in the [AUDIT_LOG_SETTINGS] section of the eg_ui.ini file (in the <EG_INSTALL_DIR>\manager\config directory) to No.

    • In a redundant setup, the auditlog report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.

  • If the report runs across pages, then the hyperlinked page numbers and the First, Next, Prev, and Last links at the bottom of the page will aid navigation.
  • You can print the report by clicking on the icon in this page, or save the report as a PDF file by clicking on the icon. You can even save the report as a CSV file by clicking on the icon here.

Auditing Changes Effected using the eG Reporter Interface

Using the Reporter option of this Audits menu, you can generate audit log reports that enable an administrator to track user activities on the eG Reporter interface. Typically, the key configuration changes that a user can make using the eG Reporter component are to add/modify/remove FAVORITES and SCHEDULE report configurations. The Reporter option in the Audits menu facilitates an effective analysis of these events.

To generate the Reporter related audit log reports, do the following:

  • Select a Timeline for the report. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end to register the changes.
  • Next, select the User whose eG Reporter-related activities you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the configuration changes effected by all users to the eG Reporter interface. However, if only one user has actively used the eG Reporter interface till date, then, by default, that user's name is displayed in the User list.
  • Administrators can configure the target environment for monitoring by logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures those configuration changes that are effected via the web-based eG administrative interface, but also logs those activities that are performed via the eG Admin Command Line Interface.

    While generating audit log reports, you can view changes across both these interfaces, or only those changes that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view those changes that were effected only via the eG web interface;
    • Command Line: Select this option to view those changes that were effected only via the eG command line interface;
    • All: Select this option to view all changes, regardless of interface.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the AUDITLOG section of the MANAGER SETTINGS page to No. In that case, the Interface drop-down list will not appear on this page.

    Note:

    The eG command line interface can currently be used only for administering the eG manager - i.e., for performing a few administrative tasks such as adding/managing components, configuring external agents/remote agents, assigning agents to secondary manager in a redundant manager setup, etc. Hence, the Interface option is currently relevant to the Admin Audit log Reports, and not the Monitor, Reporter, and Configuration Management Audit Log Reports.

  • The Host IPs list displays all the IP addresses from which the chosen user(s) has accessed the eG Reporter interface. If you are looking for information on the accesses from specific IPs, select those IP addresses alone from the Host IPs list.
  • After the Host IPs selection, the Modules list will be populated with the Favorites and/or Schedules option, depending upon which of the two modules were accessed by the chosen user from the selected Host IPs. Select either/both the displayed modules to view the changes made by the user in the respective modules.
  • Based on the Modules selection, the Activities list will be populated. While working with the eG Reporter interface, the selected user(s) might have performed a few specific operations on the chosen Modules. eG Enterprise automatically discovers the operations that correspond to the chosen user-host IP-module combination from the audit logs, and populates the Activities list with the operations so discovered. If you want the details of specific activities only, select the required options alone from the Activities list.
  • Finally, click the Show button to generate the report.
  • The resulting report provides the following details:

    • the date/time of the change
    • the name of the user who made the change
    • the IP address of the host from which the user accessed the eG Reporter interface
    • the module that was accessed by the user
    • the specific operation/activity that was performed by the user on that module
    • the interface type used - whether web interface or command line interface
    • the detailed description of the change, followed by a snapshot of the settings prior to the change, and the settings after the change; if a configuration has been newly introduced (e.g., a new schedule was created), then only the Current Settings will be displayed.

    Note:

    • By default, every change record that the report displays will be accompanied by the Current and Previous configuration settings. This can sometimes clutter the report view, making it difficult for you to read and analyze the report. You can therefore hide both these columns from the report by setting the ShowChanges parameter in the [AUDIT_LOG_SETTINGS] section of the eg_ui.ini file (in the <EG_INSTALL_DIR>\manager\config directory) to No.

    • In a redundant setup, the auditlog report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.

  • If the report runs across pages, then the hyperlinked page numbers and the First, Next, Prev, and Last links at the bottom of the page will aid navigation.
  • You can print the report by clicking on the icon in this page, or save the report as a PDF file by clicking on the icon. You can even save the report as a CSV file by clicking on the icon here.

Auditing Changes Effected using the eG Configuration Management Interface

Using the Config option of the Audits menu, you can generate audit log reports that will help you instantly identify whether any changes were made to the dashboard and overall display settings of the eG Configuration Management interface, who made these changes, and when.

To generate the Configuration Management related audit log reports, do the following:

  • Select a Timeline for the report. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end to register the changes.
  • Next, select the User whose Config Management-related activities you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the configuration changes effected by all users to the eG Configuration Management interface. However, if only one user has actively used the eG Configuration Management interface till date, then, by default, that user's name is displayed in the User list.
  • Administrators can configure the target environment for monitoring by logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures those configuration changes that are effected via the web-based eG administrative interface, but also logs those activities that are performed via the eG Admin Command Line Interface.

    While generating audit log reports, you can view changes across both these interfaces, or only those changes that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view those changes that were effected only via the eG web interface;
    • Command Line: Select this option to view those changes that were effected only via the eG command line interface;
    • All: Select this option to view all changes, regardless of interface.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the AUDITLOG section of the MANAGER SETTINGS page to No. In that case, the Interface drop-down list will not appear on this page.

    Note:

    The eG command line interface can currently be used only for administering the eG manager - i.e., for performing a few administrative tasks such as adding/managing components, configuring external agents/remote agents, assigning agents to secondary manager in a redundant manager setup, etc. Hence, the Interface option is currently relevant to the Admin Audit log Reports, and not the Monitor, Reporter, and Configuration Management Audit Log Reports.

  • The Host IPs list displays all the IP addresses from which the chosen user(s) has accessed the eG Configuration Management interface. If you are looking for information on the accesses from specific IPs, select those IP addresses alone from the Host IPs list.
  • After the Host IPs selection, the Modules list will be populated with either/all of the following options: Common Display settings and Dashboard settings. The options displayed depend upon which of the two modules were accessed by the chosen user from the selected Host IPs. Select either/both the displayed modules to view the changes made by the user in the respective modules.
  • Based on the Modules selection, the Activities list will be populated. While working with the eG Configuration Management interface, the selected user(s) might have performed a few specific operations on the chosen Modules. eG Enterprise automatically discovers the operations that correspond to the chosen user-host IP-module combination from the audit logs, and populates the Activities list with the operations so discovered. If you want the details of specific activities only, select the required options alone from the Activities list.
  • Finally, click the Show button to generate the report.
  • The resulting report provides the following details:

    • the date/time of the change
    • the name of the user who made the change
    • the IP address of the host from which the user accessed the eG Reporter interface
    • the module that was accessed by the user
    • the specific operation/activity that was performed by the user on that module
    • the Interface type used - whether web interface or command line interface
    • the detailed description of the change, followed by a snapshot of the settings prior to the change, and the settings after the change; if a configuration has been newly introduced (e.g., a new schedule was created), then only the Current Settings will be displayed.

    Note:

    • By default, every change record that the report displays will be accompanied by the Current and Previous configuration settings. This can sometimes clutter the report view, making it difficult for you to read and analyze the report. You can therefore hide both these columns from the report by setting the ShowChanges parameter in the [AUDIT_LOG_SETTINGS] section of the eg_ui.ini file (in the <EG_INSTALL_DIR>\manager\config directory) to No.

    • In a redundant setup, the auditlog report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.

  • If the report runs across pages, then the hyperlinked page numbers and the First, Next, Prev, and Last links at the bottom of the page will aid navigation.
  • You can print the report by clicking on the icon in this page, or save the report as a PDF file by clicking on the icon. You can even save the report as a CSV file by clicking on the icon here.

Note:

In a redundant setup, this audit log report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.