Idea Details

Robust User Audit Logging

09-28-2015 06:30 PM

Many customers need to find out which users have made changes to the Spectrum database, in order to find out why the edits were made, and what the extent of the edits was.

 

Currently Spectrum allows user event logging (by setting log_user_events=true in the .vnmrc file and restarting the SpectroSERVER), but it offers no granularity for what types of events are of interest, and it results in a lot of noise.  Some useful categories of events might be:

 

Model creation

Model deletion

Autodiscovery

User model changes

Global Collection edits

Policy creations/edits

 

It would be even more powerful to allow the creation of user events against a set of models of interest (e.g. Who is making changes to Catalyst devices, or Who is changing models in subnet 192.168.2.1?)


Comments

08-09-2017 12:16 AM

Hello lilah

 

From Spectrum 10.2 release onward, events that are created while editing the user models will have the actual username who edited the user model as the “Created By”.

 

Before this change, all events used to have “system” as “Created By” irrespective of who did the change. For this, no configuration is required. It’s the default behavior now.

 

This applies to various actions on user models like changing licenses, changing landscape etc.

 

Thanks,

Nagesh 

07-02-2017 09:58 AM

Hi Nagesh_Jaiswal,

 

Can you explain how the idea is implemented and configured in Spectrum 10.2?

According to CA support, and what I can tell from log_user_events=true, robust user auditing isn't available without opening an entire floodgate of events.

06-27-2017 11:22 AM

Dear Spectrum Community Users, 

 

This idea is delivered with release of CA Spectrum 10.2. 

 

Features and Enhancements - CA Spectrum - 10.2 and 10.2.1 - CA Technologies Documentation  

 

Thanks,

Nagesh 

04-07-2017 11:32 AM

Why is this idea still marked as new?  It has more than 30 votes.

02-05-2017 11:16 AM

This would be awesome  

There should be some granularity with what is being audited, but it should be clear what has been done rather than creating an event for each attribute which has been modified (as per log_user_events).

 

I would also like to suggest that since today SANM forwards only alarms, and I don't think a user needs to know what is being reported about him each time he touches an object in Oneclick, that this audit log should not require having to raise alarms in order for it to be forwarded to a SOC. Perhaps it could write to a local file, much like with SANM, but it shouldn't require having to raise an auditing alarm within Oneclick.

 

Edit 12/02/2017: After speaking with CA support, I can confirm that user auditing functionality isn't supported as of 10.2. The workaround is log_user_events=true, create alarms by correlating events and attributes, and writing it with SANM to file.

02-03-2017 07:36 PM

Many of our customers want to have this kind of granularity in order to fulfill audit requirements and security standards...

09-28-2016 05:19 PM

I guess most of the events will be in Archive Manager, but there needs to be a clever way (like the CA PM querybuilder API) to get information out of it specific to user changes. I agree - this is lacking and would be good to be able to search through quicker instead of finding that one event between thousands of others!

09-29-2015 09:10 AM

With a large organization as ours and multiple engineering teams needing to drive CA Spectrum eventing implementations - having an audit feature is essential to ensure quality consistent delivery and ability to quickly identify latest changes and backout plans when there may be overlap and issues.

 

Looking forward to having this ability.  

09-29-2015 08:28 AM

Thanks Scott. This is a must have for *any* piece of software I feel.

 

Other vendors supply this with their products out of the box from day one.