Bill Posted May 2, 2022 Posted May 2, 2022 How can I produce a report that shows activity on an endpoint? The audit report only shows current status. I would love to be able to show my customers: On this endpoint, this month 9 Windows updates were installed 4 3rd party apps were patched 2 new apps were installed 1 security event was resolved and these scripts were run 4/1/22: Backup - successful 4/2/22: Backup - successful Configuration - successful 4/3/22: etc. Every script run should be shown. If scripts were run as part of a task, a workflow, or manually from the UI, they should all be shown with date/time, script name and result. This info must be in the database. How can I get to it?
Bill Posted May 4, 2022 Author Posted May 4, 2022 I have solved this the best way I can for now. Set up Low level alerts for everything I want to report on. Use a rule in my email client to direct the large volume of messages to a folder that is not my inbox. Add code to all my scripts to insert a Windows Event with a unique source and Event ID. Set up endpoint policies to alert on these events. Now, to report, I can go to Server Admin, Notifications and query for these records. Output to CSV and do a little awk and grep to extract and format the information. Finally import into a spreadsheet template formatted to produce a nice looking report. Except for the report production, the rest is automated.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now