Log files and event sources
If you make use of the security-audit feature, HPOM for Windows
writes changes to the configuration of the HPOM for Windows
management server to a custom application log named,
OvConfigChangeEvents.Evt, which is stored in the
following location: %OvDataDir%\log on the HPOM for
Windows management server.
Three HPOM for Windows components are currently able to make use of the Security Audit feature, namely;
- Policy management and deployment server
(OvPmad)
The event source indicated in the Event Viewer for the policy management and deployment server is:
OvPolicyMgmt - Security Server (OvSecurityServer)
The event source indicated in the event viewer for the security server is:
OvSecSvr - Message and action Server
(OvEpMessageActionServer)
The event source indicated in the event viewer for the message-action server is:
OvEpMsgActSvr - Local message changes
The event source indicated in the event viewer for message changes done locally on the HPOM server is:
MessageChanges_local - Changes to forwarded messages
The event source indicated in the event viewer for message changes done on another management server and forwarded to this management server is :
MessageChanges_forwarded
In order for the Windows event service to be able to distinguish between the custom or the standard application log, the names used to identify event sources in the custom log used by the security-audit feature must be different to the names used to identify sources in the standard application log. For example, the name OvPolicyMgmt is used to identify the source of events associated with the PMAD sever in the security-audit log: the name HPOV-PMAD is used when PMAD writes entries to the standard application log.
NOTE:The standard application log contains errors, warnings, and other useful information about Windows applications or services, for example; when they are shut down. The security-audit log contains entries relating strictly to events, which have passed or failed the HPOM or Windows audit.
Related Topics: