Defining audit trails


An audit trail is a record of those who seek authorization for specific actions in TrueSight Server Automation.

You can specify whether an audit trail entry is recorded every time a user is successfully authorized for an action, every time a user is denied authorization, or both. Audit trail settings apply globally throughout TrueSight Server Automation.

For information about viewing the audit trail for a system object, see Audit-Trail-view.

To define audit trail preferences, your role must be granted the Authorization.Modify authorization.

To define an audit trail

  1. In the RBAC Manager folder, expand Authorizations.
  2. Under Authorizations, expand System Authorizations.
    All possible system authorizations in TrueSight Server Automation are displayed under the System Authorizations node.
  3. Right-click an authorization and select Open from the pop-up menu. A properties dialog box opens.

    Important

    In versions prior to 21.3, no audit trail notification is sent if the notification is configured on the .* (parent) authorization. For example, if the notification is configured on the Server.* authorization and a user live browses a server object, no notification is sent.

    Starting with version 21.3, to enable audit trail notifications on the parent authorizations, use the following blasadmin command:

    set RBAC UseParentAuthNotifications true

    Now, if the notification is configured on the Server.* authorization and a user live browses a server, the notification is sent as configured.

    The default value for this setting is false.

  4. Check Success to log information every time this authorization is requested and the authorization is granted. Check Failure to log information each time this authorization is denied.
  5. To set up notifications that are sent when an authorization is successfully requested or when an authorization request fails, under Success or Failure, do any of the following:
    • To send email notifications, check Send email to and enter the email addresses of the accounts that should be notified based on a successful authorization. Separate multiple email addresses with semicolons, such as sysadmin@bmc.com;sysmgr@bmc.com.
    • To send SNMP trap notifications, check Send SNMP trap to and enter the name or IP address of the server that should be notified based on an authorization success. Alternatively, you can click Browse and use the Select Server dialog box to choose a server.
  6. Click OK.

 
