Audit policy management and deployment
You enable auditing of policy management and deployment by
monitoring the underlying Windows service, which controls policy
management and deployment, namely: OvPmad.
When you enable auditing for policy management and deployment,
the PMAD server writes entries to the custom application log
OvConfigChanges for each change that is made to the
policy-management configuration and, in addition, for each and
every deployment job that is started, restarted, suspended, or
canceled. The PMAD server also writes an entry to the custom
application log for any operation that fails due to insufficient
user rights, for example; when an operator tries to edit a policy
without the necessary permissions.
Each entry in the custom application log concerning an audit event for policy management and deployment contains the following information in the event header:
- Date:
The date when the event occurred, for example: "1/23/2004" - Time:
The time at which the event occurred, for example: "10:18:52 AM" - Type:
The type of event, for example: "Success Audit" for events concerning policy management and deployment jobs which succeed and "Failure Audit" for events relating to jobs that fail, for example; due to insufficient permissions. - User:
The name of the user who called the PMAD interface, for example: the user of the MMC console - Hostname:
the hostname of the HPOM for Windows management server on which the event was logged - Source:
This value is always set to "OvPolicyMgmt" for the HPOM for Windows PMAD Server. - Category:
This value is always set to "None" - Event ID:
A unique identifier for the logged event - Description:
A short description of the event, which has been logged, for example:(PMD393) A deployment job (ID '1012') to install version 9.0 of policy 'WINOSSPI-Ex60 Exchange Application Warnings' (type 'Windows Event Log') on node 'YODA (management server)' has been added to the job queue.
Related Topics: