Jump to content

Historical activity report


Bill
 Share

Recommended Posts

How can I produce a report that shows activity on an endpoint? The audit report only shows current status. I would love to be able to show my customers:

On this endpoint, this month

  • 9 Windows updates were installed
  • 4 3rd party apps were patched
  • 2 new apps were installed
  • 1 security event was resolved

and these scripts were run

  • 4/1/22: Backup - successful
  • 4/2/22: Backup - successful
                 Configuration - successful
  • 4/3/22: etc.

Every script run should be shown. If scripts were run as part of a task, a workflow, or manually from the UI, they should all be shown with date/time, script name and result.

This info must be in the database. How can I get to it?

 

Link to comment
Share on other sites

I have solved this the best way I can for now. Set up Low level alerts for everything I want to report on. Use a rule in my email client to direct the large volume of messages to a folder that is not my inbox.

Add code to all my scripts to insert a Windows Event with a unique source and Event ID. Set up endpoint policies to alert on these events.

Now, to report, I can go to Server Admin, Notifications and query for these records. Output to CSV and do a little awk and grep to extract and format the information. Finally import into a spreadsheet template formatted to produce a nice looking report.

Except for the report production, the rest is automated.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...