How to Manage the Audit Log for AMT-Based Computers in Configuration Manager 2012

Updated: May 1, 2011

Applies To: System Center Configuration Manager 2012

If you have configured Configuration Manager 2012 for AMT auditing, you can enable and disable auditing on selected AMT-based computers, you can update existing audit settings, you can export the auditing entries to a file, and you can clear the auditing log. Clearing the audit log on AMT-based computers might be necessary if you need to make more space in the log for new entries. All the auditing features that can be selected by using Configuration Manager are categorized as non-critical, and depending on your AMT version, these might stop writing to the audit log when it is 85 percent full or might start overwriting old entries. You can save the current audit log entries and delete them from an AMT-based computer by using the out of band management console.

Use the following procedures to manage the audit log for AMT-based computers:

Before you perform these procedures, Configuration Manager 2012 must be configured for AMT auditing as described in .

To enable auditing and update audit settings on AMT-based computers

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, from one of the collections, select one or multiple resources for which you want to enable auditing or update the audit settings., right-click and select Manage Out of Band , and then click Enable Auditing and Apply Audit Log Settings.

  3. Click OK in the confirmation dialog box.

To disable auditing on AMT-based computers

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, from one of the collections, select one or multiple resources for which you want to clear the AMT audit log, right-click and select Manage Out of Band, and then click Disable Audit Log.

  3. Click OK in the confirmation dialog box.

To export the audit log for AMT-based computers

  1. Connect to the resource by using the out of band management console.

  2. Click System Audit Log, click Export All, specify the path and filename to contain the auditing entries, and then click OK.

To clear the audit log on AMT-based computers

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, from one of the collections, perform one of the following actions:

    • To clear the audit log for all AMT-based computers in a collection, right-click the collection, select Manage Out of Band, and then click Clear Audit Log.

    • To clear the audit log for selected AMT-based computers, select one or multiple resources within a collection, right-click Manage Out of Band, and then click Clear Audit Log.

  3. Click OK in the confirmation dialog box.

To monitor auditing activities by using status messages

  1. In the Configuration Manager console, click Monitoring.

  2. In the Monitoring workspace, expand System Status, click Status Message Queries, and then in the results pane, click All Status Messages.

  3. In the Home tab, in the Status Message Queries group, click Show Messages.

  4. In the All Status Messages dialog box, you are prompted for the time period for which you want to check status messages. Enter the time period or date and time, and then click OK.

  5. All status messages are displayed in the Configuration Manager Status Message Viewer. Click the Component column, and locate the status messages with a component named Microsoft.ConfigurationManagement.exe.

  6. For more information about any of the status messages, right-click a status message, and then select Detail.

  7. View the information in the Status Message Details dialog box, and then click OK to close this dialog box, or click Previous or Next to view the details of other status messages.

  8. Click OK to close the Status Message Details dialog box, and close the Configuration Manager Status Message Viewer.

See Also