Knowledgebase: NotifyMDM Server
Accessing Administrator Audit Records
Posted by Donna Magada on 28 March 2012 02:44 PM

Phase One of the NotifyMDM Administrator Audit Trail feature will audit administrator login/logout activity, updates to Policy Suites, as well as, administrator initiated security and device compliance actions.  These logs can be accessed from the database and include sufficient details to restore the historic state of the system. 

Though Phase One does not provide Dashboard accessibility, the audited information can be viewed by using database queries.  Notify Technology Corporation Technical Support Staff, can assist NotifyMDM administrators with techniques in using the raw data for troubleshooting and restorative purposes, where applicable.

This article provides stored procedures that administrators may use to begin analyzing data for troubleshooting purposes.  Begin by running the script attached to this article to create the store procedures.  Then use the scripts below to execute the stored procedures.  You may require assistance from a Notify Technology Corporation Technical Support Staff member when more detailed information about database structure is required to interpret the results of the procedures.

The stored procedures are as follows:

1. Gets all the login audits when an administrator's username is specified.  Enter the administrator's username in single quotes.
 Exec spGetAuditByAdmin 'AdminUsername'

2. Gets all the audits of updates performed through SQL Query Analyzer
Exec spGetAuditBySQLQueryAnalyzer

3. To view the previous state of a policy suite, this script gets the previous values from the corresponding history table for the AuditTrialInfoSAKey selected. Enter the AuditTrialInfoSAKey in single quotes. 
Exec spPreviousAudit 'AuditTrailInfoSAKey'

4. To view a comparison of the current state of a policy suite to its previous state, this script gets the previous value and the current value from the corresponding history tables for the AuditTrailInfoSAKey selected.  Enter the AuditTrialInfoSAKey in single quotes. 
Exec USP_AUDIT_TRAILS_COMPARE_AUDIT 'AuditTrailInfoSAKey'



Attachments 
 
 querytoviewaudits.sql (12.24 KB)