Creating the Audit Jobs for Continuous Compliance for Server Automation

Audit Jobs enables you to determine if a server configuration matches a standard configuration. You create the Audit Job in the BMC Server Automation Console. When an Audit Job detects discrepancies, BMC Atrium Orchestrator receives a notification using an SNMP trap. The notification contains the details of the audit discrepancies.

For additional information, see Creating-and-modifying-Audit-Jobs in the BMC Server Automation online documentation.

Before you begin

The following are the requirements for creating the Audit Jobs used by the Closed Loop Server Audit module:

  • For each Audit Job you create, you must also create a corresponding Audit verification job that is used to verify the remediation job results. This Audit Job is used for the Verify Audit Discrepancies after Remediation workflow.
  • Component templates with identical names cannot be used in the same Audit Job.
  • The Audit Job must be configured to send SNMP traps for Job Run Notifications and not Audit Results Notifications. The Audit Job run notifications are sent when an Audit Job run is successful, fails, or is aborted.
  • The Send SNMP Trap to setting must be sent to the server name or IP address of your BMC Atrium Orchestrator CDP server. However, the verification job must not send out a job completion notification.

To create an Audit Job

  1. Start the BMC Server Automation Console, and select the Jobs workspace.

  2. Right-click the Jobs folder and select New> Job Folder to add a new job folder Audit Jobs. 

    Note

    You can also use an existing folder to create the Audit Jobs.

  3. Select the Component Template workspace and select one audit template.
  4. Right-click and select Discover.
  5. In the New Component Discovery Job window, provide a job name, and Save in folder details and click Next.
  6. Specify the template, the target servers, and default notifications on the following wizard pages.
  7. On the Schedules page, select Execute Job Now and click Finish.
  8. After the Discovery Job executes successfully, select the Jobs workspace.
  9. Select the Audit Job folder, right-click and select New>Audit Job.

Complete the Audit Job wizard windows as described in the following sections:

New Audit Jobs (General) window:

  1. Provide a name and description for the Audit Job.
  2. Select a folder location to save the Audit Job.
  3. Under Select Audit Job Type, select Audit components.
  4. Under Number of Targets to Process in Parallel, do one of the following:
     Select Unlimited to run the job on as many targets as possible simultaneously.

Select Limited and specify a number in the field to the right. That number sets the maximum number of targets on which the job can run simultaneously.

  1. Click Next

    Note

    Application Server settings control the number of targets the job can potentially access simultaneously. See Creating-and-modifying-Audit-Jobs in the BMC Server Automation online documentation.

New Audit Jobs (Component Templates for Filtering) window

Note

The New Audit Jobs (Component Templates for Filtering) window is available only when you are creating an Audit Job based on components.

 In the New Audit Jobs (Component Templates for Filtering) window:

  1. Select the component template that you used in step 3 for Audit Jobs.
  2. To add the selected template, use the > arrow button .
  3. Click Next.

New Audit Jobs (Masters) window

In the New Audit Jobs (Masters) window:

  1. Select the component of the Master server.
  2. Click Next.

New Audit Jobs (Targets) window

In the New Audit Jobs (Targets) window:

  1. Select the target server on which you want to execute the Audit Job.
  2. To add the selected target, use the > arrow button .
  3. Click Next.

New Audit Jobs (Default Notification) window

In the New Audit Jobs (Default Notification) window:

  1. Under Job Run Notifications, select Send SNMP trap to and enter the server name or IP address of your BMC Atrium Orchestrator CDP server. 

    Note

    The server that you enter must be a BMC Atrium Orchestrator CDP server with an SNMP Monitor adapter enabled.

  2. For the When status is option, select Success, Failed, and Aborted.
  3. Click Next.

New Audit Jobs (Schedules) window

In the New Audit Jobs (Schedules) window:

  1. Select Execute job now or click the add icon (+ ) to set a schedule.
  2. To add a schedule, click the Schedule tab and select an option for scheduling the Audit Job run.
  3. Click OK.
  4. Click Next.

Note

If you are not modifying default permissions, you can click Finish.

New Audit Jobs (Properties) window

In the New Audit Jobs (Properties) window:

  1. Confirm the properties you have selected. To make changes, click Back to return to the previous step.
  2. Click Next.

New Audit Jobs (Permissions) window

In the New Audit Jobs (Permissions) window:

  1. Confirm the information about your access control list.
  2. Click Finish. The Audit Job is created.

To create the Audit verification job

  1. Start the BMC Server Automation Console, and select the Jobs workspace.
  2. In the Audit folder, right-click the Audit Job you just created and select Copy.
  3. Paste the job into the Audit folder, and open the copied job file.
  4. On the General tab, rename the Copy of jobname file, adding the word Verify after the original Audit Job name. For example, if the name of the Audit Job is AuditJob, the audit verification file name must be AuditJobVerify.
  5. On the Default Notifications tab, remove all of the SNMP Job Run Notification settings.
  6. Save and close the audit verification job.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*