Auditing

The Auditing page allows you to track user actions and monitor activities on BMC TrueSight Capacity Optimization. To access Auditing in the BMC TrueSight Capacity Optimization Console, go to Administration > System > Auditing.

The following table lists and briefly describes all the elements the Auditing page consists of.

Element nameTypeActionsDescription
Audit messagesTable

Sort columns

Filter columns

Lists all audit messages saved in the BMC TrueSight Capacity Optimization data warehouse and allows you to filter them based on action groups. This table contains the following columns:

  • Timestamp: The date and time on which the message was recorded.
  • Action: Action that triggered the message. For example, Object loaded, User Login.
  • Message: Audit message stored by BMC TrueSight Capacity Optimization. For example, User 'Admin' logged out.
  • Component: The component affected by the action. For example, Primary Scheduler, Web.
  • Subcomponent: The subcomponent affected by the action. For example, The ETL task with ID 1234 (displayed as etlid:1234). If present, this value is clickable and links to the detail page of the subcomponent, for further analysis.
    For more information on Subcomponent IDs and to view their details, see Understanding the Subcomponent column in the Audit messages table.
  • Username: The username of the user who triggered the action.
  • Identifier: The unique identifier of the object affected by the action. For example, The system with ID 5678 (displayed as sysid:5678).
    For more information on Identifier IDs and to view their details, see Understanding the Identifier column in the Audit messages table.
  • Elapsed [s]: Duration of the action (in seconds); if not specified, it means that this field is not applicable.

Note: The available data depends on the aging configuration.

Active sessions in the last hourTable

Sort columns

Filter columns

Lists all web sessions started in the last hour. For each session, the table displays the following information:

  • Session ID: Unique session identifier.
  • Server: Type of BMC TrueSight Capacity Optimization server that accessed during the session. For example, NON-WEB, WEB.
  • Username: User account used for the login. For example, Admin.
  • Creation date: Time and date of the login.

Note: If you see BEFORELOGIN in the Username column – it is because when a browser connects to the Console, a session is created even before the user logs in. When that happens, the username is associated with the session and displayed. Sessions that are not associated with a user account are automatically destroyed after a timeout.

Filter action groupsAction group drop-down filterFilter audit messages

Filters messages in the in the Audit messages table. You can filter messages based on the following action groups:

  • User Logins: Actions related to user authentication. For example, "User login" or "Login attempt".
  • User Activity: Actions triggered by users. For example, "Analysis run" or "System configuration changed".
  • System Component Activity: Actions related to system components. For example, "Configuration data loaded" or "Task started".
  • Scheduler Activity: Actions related to the Administering schedulers service. For example, "Scheduler started" or "Scheduler task error".
  • External Tool Activity: Actions related to external tools. For example, "ETL module activation" or "Configuration download".
  • User Administration Activity: Actions performed by users with administrator privileges. For example, modifying hierarchy rules, system tasks, and so on.
Display audit messages forTime period drop-down filterFilter audit messages

Select a time period for which to display audit messages in the Audit messages table. For example, last 7 days, 24 hours. The preset (default) filter options are:

  • All
  • Last 6 hours
  • Last day
  • Last 7 days
  • Last 30 days

Understanding the Subcomponent column in the Audit messages table

The Subcomponent column displays Task IDs of the sub-components that were affected by the action performed by a particular user, and contains hyperlinked task ID values. When you click them, you can view details for the particular sub-component that was affected.

Whether or not the this column displays task IDs depends on the selection you make in the Filter action groups drop-down filter. Selecting each action group displays related task IDs, while some action groups do not return any IDs at all. For example, if you filter on User Logins and User Activity, the Subcomponent column will not return any task IDs, while filtering over System Component Activity will return task IDs for the Subcomponent affected.

Some common types of task IDs that are displayed in the Subcomponent column are described in the following table.

Task IDDescription
etlid:nDenotes an ETL task
srcid:nDenotes the Source ID for the task

To view details of tasks listed in the Sub-component column

If you click on a task ID listed in the Subcomponent column, the Auditing page displays details of the particular task for which an audit was recorded. For example, you click an ETL Task with an ID etlid:38. Refer to the image below that illustrates this type of task ID in the Subcomponent table.

After you click etlid:38, the Auditing page displays all details for the selected ETL Task, like, Run History, Run Configurations, and so on. Refer to the image below for an illustration of the details page for etlid:38. To go back to viewing the Audit messages table, simply use your browser's back button.

Understanding the Identifier column in the Audit messages table

The Identifier column displays IDs of objects that were affected by the action performed by a particular user, and contains hyperlinked ID values. When you click them, you can view details for the selected object.

The values displayed in this column depend on the selection you make in the Filter action groups drop-down filter. Selecting each action group displays related IDs, while some action groups do not return any IDs at all.

Some common types of IDs that are displayed in the Identifier column are described in the following table.

IDDescription
seriesid:nDenotes a Series
sysid:nDenotes a System
modelid:nDenotes an event model
reportid:nDenotes a report
analysisid:nDenotes an analysis
appid:nDenotes an application

To view details of tasks listed in the Identifier column

If you click on an ID listed in the Identifier column, the Auditing page displays details of the particular task for which an audit was recorded. For example, you click a model with an ID modelid:74. Refer to the image below that illustrates this type of analysis ID in the Identifier table.

After you click on modelid:74, your view is shifted to Workspace, and details for the particular model, like, Domains it is used in, Hierarchy location, are displayed. Refer to the image below for an illustration of the details page for modelid:74. To go back to viewing the Audit messages table, simply use your browser's back button.

Was this page helpful? Yes No Submitting... Thank you

Comments