If Configuration Manager has been configured for AMT auditing, you can enable and disable auditing on selected AMT-based computers, update existing audit settings, export the auditing entries to a file, and clear the audit log. Clearing the audit log on AMT-based computers might be necessary to make more space in the log for new entries. All the auditing features that can be selected by using Configuration Manager are categorized as non-critical and, depending on your AMT version, these might stop writing to the audit log when it is 85 percent full or might start overwriting old entries. You can save the current audit log entries and delete them from an AMT-based computer by using the out of band management console.
Note: The information in this topic applies only to Configuration Manager 2007 SP2.
Use the following procedures to manage the audit log for AMT-based computers. Before performing these procedures, Configuration Manager must be configured for AMT auditing as described in How to Configure AMT Auditing.
To enable auditing and update audit settings on AMT-based computers
- In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Collections.
- From one of the collections, select one or multiple resources for which you want to enable auditing or update the audit settings, right-click and select Out of Band Management, and then click Enable Auditing and Apply Audit Log Settings.
- Click OK in the confirmation dialog box.
To disable auditing on AMT-based computers
- In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Collections.
- From one of the collections, select one or multiple resources for which you want to clear the AMT audit log, right-click and select Out of Band Management, and then click Disable Audit Log.
- Click OK in the confirmation dialog box.
To export the audit log for AMT-based computers
- Connect to the resource using the out of band management console.
- Click System Audit Log, click Export All, specify the path and filename to contain the auditing entries, and then click OK.
To clear the audit log on AMT-based computers
- In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Collections.
- Perform one of the following actions:
  - To clear the audit log for all AMT-based computers in a collection, right-click the collection, select Out of Band Management, and then click Clear Audit Log.
  - To clear the audit log for selected AMT-based computers, select one or multiple resources within a collection, right-click Out of Band Management, and then click Clear Audit Log.
- Click OK in the confirmation dialog box.
To monitor auditing activities by using status messages
- In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / System Status / Status Message Queries.
- Right-click the query All Status Messages, and then click Show Messages.
- In the All Status Messages dialog box, you are prompted for the time period for which you want to check status messages. Enter the time period or date and time, and then click OK.
- All status messages are displayed in the Status Message Viewer. Click the Component column, and locate the status messages with a component named Microsoft.ConfigurationManagement.dll.
- For more information about any of the status messages, right-click a status message, and then select Detail.
- View the information in the Status Message Details dialog box, and then click OK to close this dialog box, or click Previous or Next to view the details of other status messages.
- Click OK to close the Status Message Details dialog box, and close the Status Message Viewer.