
Audit Log Extractor (Track Prognosis Activity)

Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

Cedric Jackson said
I installed it on the CMS monitoring node. Should I install it everywhere?  


Hi Cedric,

Yes, you should install the solution on every node that you would like to view the audit logs from.

You can also create a node group of desired nodes and apply it to the display so you can use one node to view all audits.
Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

Hi Cedric,

I just reviewed your screenshot, and those Net Router Communication entries are logged immediately after the Shutdown and Restart items for Prognosis, so they are just related to the restarting of Prognosis services and are nothing to worry about. If they were to occur at other times, we would recommend pursuing them. I hope this helps.
05 Base Camper

Re: Audit Log Extractor (Track Prognosis Activity)

Hi Adam,

I never got back to you, sorry about that.
Thanks a lot for the script, it's a great way to gather and store auditlogs from multiple nodes in a DB for instance, at least that's what I intend to use it for.

I wanted to find a way to "beautify" the record content by removing the values surrounding double quotes and I just found an easy way to do that.
It needs a bit of rewriting though, here's what the result looks like.

Without-double-quotes.PNG

I'm basically using a RegEx to extract the text content between the double quotes.

Let me know if you're interested in having a look at the script (for which I can take no credit, it's just a combination of the one you sent me + help file examples).
Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

Hi Guillaume,

That is a great idea. Please do email me a copy of that and I will review it and update the existing zip with that.
This is the sort of knowledge sharing we like to encourage on the forum, and I am so happy you are offering to share your enhancement with the Prognosis community.

I will email a copy to the existing people we have provided this solution to as well. (This is why we ask people to post a request here instead of just blindly providing a download link. It is so we can know who has the solution so we can provide enhancements, tips, and updates.)

I look forward to reviewing those regexes.

Re: Audit Log Extractor (Track Prognosis Activity)

I also wanted to add that if your goal is simply to get the log from Prognosis to then import it into another tool like a SEIM in an automated fashion, in P11.x we have a built-in System Enterprise Information Manager (SEIM) / Audit SysLog feed integration option. It can export the Prognosis Audit Log in real time directly to your corporate consolidated log server, which is commonly requested/required by some audits depending on what Prognosis is monitoring.
http://help.prognosis.com/docs/IZ3SFZUMSW6JRQDINKQK5XO4J26LIUH6TU2XDHY/Prognosis_11-1/index.htm

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Sr. Services Solution Engineer, Payments & Infrastructure – MSci. PA, CISSP, ITIL.
Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

Guillaume Nani said
Hi Adam,

I never got back to you, sorry about that.
Thanks a lot for the script, it's a great way to gather and store auditlogs from multiple nodes in a DB for instance, at least that's what I intend to use it for.

I wanted to find a way to "beautify" the record content by removing the values surrounding double quotes and I just found an easy way to do that.
It needs a bit of rewriting though, here's what the result looks like.

Without-double-quotes.PNG

I'm basically using a RegEx to extract the text content between the double quotes.

Let me know if you're interested in having a look at the script (for which I can take no credit, it's just a combination of the one you sent me + help file examples).


Hi Guillaume,

Thank you for the enhanced extractor file for this solution.
Thank you also for letting me know about an issue with duplicate rows of the same timestamp being merged.

Action Plan:
I will do a couple more tests on the extractor.
I will add a fix I just did for the PRAUDLOG.udefsrec to let it cope with multiple rows having the exact same timestamp.
I will send both the enhanced extractor and fix to all clients we have given this solution to so far.
05 Base Camper

Re: Audit Log Extractor (Track Prognosis Activity)

You're welcome Adam.

Thanks for providing a corrected version!
Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

All customers who were given the first release of this solution have now been sent download links and instructions for the new version files:

Prognosis Auditlog Extractor V1.1.03282017.zip
README - Prognosis Auditlog Extractor V1.1.docx

If anyone else has been given this solution and I have not emailed you with the above updated files, please post here.
New requests going forward will of course get the updated files.
IR Partner

Re: Audit Log Extractor (Track Prognosis Activity)

Adam,

Good afternoon.

Can you please send me this package? Since installing my new Enterprise Top Level server I want to use that box for monitoring just like this solution will provide. I look forward to receiving this install package and getting it in my environment.

Thank you sir,

Jon
Community Manager

Re: Audit Log Extractor (Track Prognosis Activity)

Hi Jon,

I am sending this to you now. I really think in your complex environment with the multiple users logging in, this provides great value.
You should have the email with the download link in the next 10 minutes.