Page tree

Skip to end of metadata
Go to start of metadata

This topic walks you through the process of examining the results of a compliance check and then exporting those results into a report. This topic includes the following sections:

The video at right demonstrates how to examine compliance results and how to export results to an HTML file.


  https://youtu.be/6tJyfsdVks0

Introduction

This topic is intended for system administrators or operators who are responsible for ensuring compliance in the data center. 

The results of Compliance Jobs show how components satisfy or fail to satisfy the compliance rules established in a component template. (A component is a user-defined collection of server configuration settings that encapsulate a service, application, or security policy.) After running a Compliance Job, you can display job results in a tab in the content editor. The tab contains a hierarchical tree that shows results for each run of the job. The following nodes under each job run present different views of the results:

  • Rules View—Organizes information according to the compliance rules defined for each component template.
  • Server View—Organizes information according to the components found on each server.

Selecting nodes below the Rules View or Server View nodes displays details about each compliance rule that was analyzed. See Compliance statuses of compliance rules for a description of the possible compliance rules statuses.

What does this walkthrough show?

This walkthrough is targeted for compliance operators. It shows how to:

  • Access the results of a compliance check.
  • Examine the results of each compliance rule.
  • Export the compliance results. Possible formats are HTML, CSV, Asset Reporting Format (ARF), and Assessment Summary Results (ASR). ARF and ASR are standardized formats used primarily for transporting information between organizations.

What do I need to do before I get started?

For this walkthrough, we have:

  • Logged on as BLAdmin, the default superuser for BSA. In production environments, BMC recommends that you grant access based on roles with a narrower set of permissions. See Walkthrough: Restricting permissions for a Compliance officer.
  • Run a Compliance Job, as described in Walkthrough: Compliance audit based on a policy.
  • If you want to export results to the ARF or ASR format, you must enable that capability by using the blasadmin utility to run this command: set Appserver EnableARFAndASRExecution true. Then restart the Application Server.

How to analyze and report on compliance status

 StepExample screen
1

In the Jobs folder, navigate to a Compliance Job. Right-click the job and select Show results. A tab at right shows the job results.

 

2In the job results tab, expand a job run and select the Server View node. The pane at right shows the total number of compliant rules and non-compliant rules on each target server.

3Expand the Server View node, expand one of the servers listed under the Server View node, and then select one of the components that the Compliance Job is examining. The pane at right shows a list of compliance rule sets defined for that component. Rule sets and rules (children of rule sets) that are shown in bold red indicate that the target is not compliant for that rule.


4

Expand the component you are examining to show a list of all rule sets examined by the Compliance Job. Expand a rule set to show all rules in the set, and then select a rule. The pane at right shows the rule text (similar to its display in the Rule Editor, but without the option of editing).

If the rule is non-compliant, the conditions in the rule that are found to be non-compliant on the server are displayed in red. When you click a condition displayed in red, the full details of the condition are displayed in another pane below, so that you can compare the actual value on the server with the expected value set in the compliance rule.

5

You can perform a similar examination from the Rules View node.

  1. Select the Rules View node to show the total number of compliant rules and non-compliant rules.
  2. Expand the Rules View node and select the component template that the Compliance Job is based on. The pane at right shows a list of compliance rule sets. Rule sets and rules (children of rule sets) that are shown in bold red indicate that the target is not compliant for that rule.
  3. Expand the component template to show the list of all rule sets examined by the Compliance Job. Expand a rule set to show all rules in the set. Expand the rule to show all components examined during the Compliance Job. Select a component. The pane at right shows the rule text.
  4. For a non-compliant rule, click a condition displayed in red to show the targets condition in the pane below. You can compare the target's actual condition with the expected value set in the compliance rule.
6

You can download results of a Compliance Job to an HTML format that is easily read or analyzed. The example shown here is a small portion of some results exported to the HTML format.

  1. Using the Server View or Rules View nodes, navigate to a position in the hierarchy of results that you want to export.
    For example, if you want to export everything, select the Server View node. If you want to export information about an individual rule, select that rule. 
  2. After selecting an object in the hierarchy, right-click, and select Export Compliance Results.
  3. Using the dialog box that opens, select a location on your local computer for the exported file. 
  4. Click OK.
  5. To view the results, navigate to the file just saved. Open an HTML file in a browser.
7

You can also download results to standardized formats used to transport information across organizations: Asset Reporting Format (ARF) and Assessment Summary Results (ASR). Both formats generate XML files structured according to accepted standards. The example shown here is a portion of an ASR file, structured according to rule name.

Note

By default, the Application Server is not configured to allow export to the ARF and ASR formats. To enable these types of exports, use the blasadmin utility to run this command: set Appserver EnableARFAndASRExecution true. Then restart the Application Server.

 

  1. Using the Server View or Rules View nodes, navigate to a position in the hierarchy of results that you want to export.
    For example, if you want to export everything, select the Server View node. If you want to export information about an individual rule, select that rule. 
  2. After selecting an object in the hierarchy, right-click, and select Export Compliance Results.
  3. Using the dialog box that opens, select a name and location on your local computer for the exported file. 
  4. For File Encoding, take one of the following actions:
    • Select ARF 0.41. By default, this export creates a separate file for each target host. Instead, you an use the Option button to export all results to a single file.
    • Select ASR 0.41. By default, the export organizes results by the reference number of each compliance rule. Use the Option, button to organize results by other parameters.
  5. Click Save.
  6. To view the results, navigate to the file just saved.

 

Wrapping it up

Congratulations, you have successfully reviewed results of a Compliance Job and exported those results as reports using various formats. 

Where to go from here

To learn more about creating and using Compliance Jobs, see Creating and modifying Compliance Jobs.