Bill
-
Posts
2 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Bill
-
-
How can I produce a report that shows activity on an endpoint? The audit report only shows current status. I would love to be able to show my customers:
On this endpoint, this month
- 9 Windows updates were installed
- 4 3rd party apps were patched
- 2 new apps were installed
- 1 security event was resolved
and these scripts were run
- 4/1/22: Backup - successful
-
4/2/22: Backup - successful
            Configuration - successful - 4/3/22: etc.
Every script run should be shown. If scripts were run as part of a task, a workflow, or manually from the UI, they should all be shown with date/time, script name and result.
This info must be in the database. How can I get to it?
Â
Historical activity report
in General
Posted
I have solved this the best way I can for now. Set up Low level alerts for everything I want to report on. Use a rule in my email client to direct the large volume of messages to a folder that is not my inbox.
Add code to all my scripts to insert a Windows Event with a unique source and Event ID. Set up endpoint policies to alert on these events.
Now, to report, I can go to Server Admin, Notifications and query for these records. Output to CSV and do a little awk and grep to extract and format the information. Finally import into a spreadsheet template formatted to produce a nice looking report.
Except for the report production, the rest is automated.
Â