1589 Views 9 Replies Latest reply: Jan 28, 2014 1:41 PM by ITBlogger RSS
igsl Rookie 43 posts since
Aug 31, 2011


Dec 21, 2011 3:34 AM

Audit Trail

Hi All,

 

Does anyone know where I can find the log file about the console login? We want to find out the people who logged on to the LANDesk console.

 

Regards,

 

Terry

  • MarXtar SSMMVPGroup 2,050 posts since
    Jul 2, 2008

    1. Dec 21, 2011 10:23 AM (in response to igsl)
    Re: Audit Trail

    There isn't a log for that type of activity.

     

    Mark McGinn

    MarXtar Ltd

    http://landesk.marxtar.co.uk

    LANDesk Silver ESP

     

    The One-Stop Shop for LANDesk Enhancements

    - Wake-On-WAN - Distributed Wake-On-LAN, Scheduled Power Down, and SWDist Sequencing

  • zman Master 3,277 posts since
    Dec 14, 2007

    2. Dec 21, 2011 11:07 AM (in response to igsl)
    Re: Audit Trail

    So as Mark indicated, there is no real auditing of this event; however, you can scrape the console.exe.log file for who logged into the console. If you have a lot of remote consoles this can be a PITA, but can be done. If you are logging in with domain credentials domain\account, you can use find/grep on the file to extract all the logins.

     

    Also, please post what version of the software you are using.
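
Added example, not part of the post above and not LANDesk tooling: one way to run the find/grep scrape it describes over console.exe.log copies gathered from several consoles. The domain name CORP and the sample log lines are constructed; the real log layout is not assumed, only the domain\account token.

```shell
#!/bin/sh
# extract_logins DOMAIN FILE...
# Prints "count account" lines (lower-cased, most frequent first) for every
# DOMAIN\account token found in the given log files.
extract_logins() {
    domain=$1; shift
    # Anchoring on the known NetBIOS domain keeps path fragments such as
    # "Files\LANDesk" from being reported as accounts.
    # -h: no file names, -o: only the match, -i: ignore case,
    # -w: whole-word match, -E: extended regex.
    grep -hoiwE "${domain}\\\\[A-Za-z0-9_.-]+" "$@" |
        tr '[:upper:]' '[:lower:]' |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Constructed sample lines (NOT the real console.exe.log layout), written as
# two files to stand in for logs copied from two remote consoles.
make_samples() {
    dir=$1
    cat > "$dir/console1.exe.log" <<'EOF'
12/21/2011 09:01:12 : Login CORP\alice
12/21/2011 09:05:40 : Loading C:\Program Files\LANDesk\ManagementSuite\console.exe
12/21/2011 13:22:03 : Login corp\Alice
EOF
    cat > "$dir/console2.exe.log" <<'EOF'
12/21/2011 10:15:55 : Login CORP\bob.admin
12/21/2011 10:16:02 : Login CORP\alice
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
extract_logins CORP "$tmp"/*.log
rm -rf "$tmp"
```

Because the match is case-insensitive and the output is lower-cased, `CORP\alice` and `corp\Alice` are counted as one account.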

  • MarXtar SSMMVPGroup 2,050 posts since
    Jul 2, 2008

    3. Dec 21, 2011 11:47 AM (in response to zman)
    Re: Audit Trail

    That's a good point zman. I really think this is an area where LANDesk could do with improving capabilities. Too many opportunities for LANDesk console users to go unaudited.

     


  • zman Master 3,277 posts since
    Dec 14, 2007

    4. Dec 21, 2011 11:53 AM (in response to MarXtar)
    Re: Audit Trail

    Yep, been asking for this for some time. There is an ER http://community.landesk.com/support/ideas/1489 and I've seen some early prototypes but nothing lately. Here were my very rough notes from a while back - straight from the head:

     

    LANDesk Management Suite Auditing Notes

    LDMS should have a centralized audit function. As the tool penetrates larger markets and more diversified environments, auditing is imperative. In environments where there are multiple LANDesk administrators and regulatory, political, security, or other operational requirements there is currently no way to track LDMS object modifications, additions, deletions, etc… These object changes can have a significant impact on performance, client user experience, and negative political ramifications.

    The scope of Auditing should initially be limited to Core auditing in the first phase and then research client side auditing (e.g., client side events such as software distribution). Audit information should be in a separate DB, not stored locally on the core (e.g., event logs, etc…)  SNMP integration may be evaluated to publish audits to external audit/logging systems.

    I believe that at a minimum the following should be tracked whether initiated by user or automated task (LPM):

    • Create
    • Change
    • Delete

    Whenever an object is altered the following information should be recorded:

    • Username
    • ComputerName
    • IP Address
    • Date Time
    • Object Name – (e.g., Scheduled Task, Query, Distribution Package, etc…)
    • Action – Create – Change – Delete.
    • Detail – What was Created – Changed – Deleted. 

    With the realization that this can place an increased performance and storage burden on LANDesk, the auditing feature should have:

    • Global Settings
      • Ability to turn auditing on and off per core
      • Ability to replicate all aspects of auditing between cores.
      • Visual indicator per function/object whether auditing is on or off
      • Ability to automagically purge auditing events based on X days. Archiving feature would be nice for audits.
      • Ability to acknowledge Audits Events.
      • Ability to Audit when SPs, post patches, hotfixes are applied to the core.
      • Function
        • Ability to turn on and off auditing per function (e.g., Scheduled Tasks, RC, etc…)
        • Object
          • Ability to turn on and off auditing per Object (e.g., Specific  Scheduled Task).

    Define audit records as

    • Critical
    • Information
    • Error

    Rollup audit logs for reporting.  Keep audit data in sql. Separate DB.

    Combine logs and Audits into one  – inventory history – and audit.

     

    1. Functions
      1. Software Distribution
        i. Queries – LDMS and LDAP
        ii. Scheduled Tasks
        iii. Distribution Packages
        iv. Delivery Methods
        v. Directory Manager
        vi. Scripts
        vii. Launchpad
      2. OSD
      3. Administration
        i. Core Replication
        ii. Alerting
        iii. Agent Config
        iv. Custom Data Forms
        v. UDD
        vi. All items under Configure, etc
      4. Power Management
      5. Reporting
        i. Logs – should be integrated into Auditing feature
        ii. SLM
        iii. Reports
      6. Security and Compliance
        i. Scan Folder
        ii. Groups
        iii. Settings
      7. Console Users
        i. Console users logon and logoff times
        ii. Logon failures
      8. RBA
        i. Any changes made to RBA settings.

    UI for the Auditing

    • Filtering based on
      • Audit Type – Critical – Information….
      • Source – Core, Client (if you decide to do client side auditing).
      • Date
      • Audit ID.

    I know we spoke about dashboards and such and the inability to “guess” what a user would like to see,  and below is a swag at what I would like:

    • Audit summary
      • Amount of Critical events over the last X time frame.
      • LANDesk Function (e.g., patch, software dist., etc…) causing the most critical events over the last X time frame.
      • This would change significantly if you did client side auditing.
  • ITBlogger Rookie 36 posts since
    Jan 23, 2012

    5. Jan 28, 2014 1:07 PM (in response to igsl)
    Re: Audit Trail

    Yep, LANDesk really needs to improve the functionality here. At the very least, they should output audit logging info to the Windows Event logs.

  • jonbart SupportEmployee 69 posts since
    Oct 29, 2012

    6. Jan 28, 2014 1:14 PM (in response to ITBlogger)
    Re: Audit Trail

    There is an option to add auditing events in the Configure > Auditing Configuration section

     


  • jrrippel Apprentice 19 posts since
    Apr 19, 2011

  • ITBlogger Rookie 36 posts since
    Jan 23, 2012

    8. Jan 28, 2014 1:18 PM (in response to jrrippel)
    Re: Audit Trail

    I do not have that tab on any of our 6 cores and they are all running LDMS 9.5 SP1. What's the deal there? When was that functionality added?

  • ITBlogger Rookie 36 posts since
    Jan 23, 2012

    9. Jan 28, 2014 1:41 PM (in response to jrrippel)
    Re: Audit Trail

    Thanks much. Just got it turned on.

     

    Not sure why the LANDesk Administrator role doesn't have the rights to view this...after all, it has the rights to grant access to the role.
