Update Rollup 2 for SCOM 2019 has finally been released, and it brings some cool new features. This blog post briefly goes through one of them: change tracking of management packs.
Introduction
In System Center Operations Manager (SCOM) we have user roles that control what a user has access to in a SCOM environment. Multiple users or groups can be associated with a user role, and it is through these user roles that we are able to change monitoring settings. Most of the monitoring changes in SCOM are made through management packs (if you don’t know what a management pack is, read more here).
What’s new?
In previous versions of SCOM, there was no tracking of changes to identify which user made a change and when. Update Rollup 2 for SCOM 2019 now supports change tracking in management packs. Change tracking is enabled by default and automatically starts tracking and reporting changes to management packs and management pack objects.
A quick look into the change tracking
Change tracking is not a new setting or feature to configure; it is surfaced through reports that give us the change tracking information. Update Rollup 2 for SCOM 2019 provides three (3) new reports: Management Pack History, Management Pack Objects and Overrides Tracking.
These reports are available under the Reporting pane and they can be found under the Microsoft Generic Report library:
Let’s quickly go through the reports and what they look like.
Management Pack History
This report retrieves details of every management pack installation or deletion that happened on any management server during the selected period. The results display the management pack name, version, action (install or delete) and the user who performed the action.
To make the reports easier to view/read, you can filter the reports with the following criteria:
Date
Action
Username
The report displays the following fields and values:
Example report:
Note:
Any management packs that were imported, deleted or updated prior to the Update Rollup 2 upgrade will be captured in the report, but the user context will not be captured for them.
Any update to a management pack is captured as two entries in the report: the first entry for the deletion of the older management pack version and the second entry for the installation of the new version.
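The two notes above matter when reviewing an exported copy of this report: an update shows up as a delete followed by an install, and changes made before Update Rollup 2 carry no user. The following Python example is added here and is not part of the original post or of SCOM; the CSV column names, the empty user field for pre-upgrade entries and the five-minute pairing window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column names are assumptions, not the report's real headers.
SAMPLE_CSV = """Date,ManagementPack,Version,Action,User
2020-08-01 09:00:00,Contoso.Legacy.Monitoring,1.0.0.0,Install,
2020-08-10 14:02:11,Contoso.SQL.Monitoring,1.0.0.0,Delete,CONTOSO\\alice
2020-08-10 14:02:12,Contoso.SQL.Monitoring,1.1.0.0,Install,CONTOSO\\alice
2020-08-12 22:40:05,Contoso.Backup.Alerts,2.3.0.0,Delete,CONTOSO\\bob
"""
PAIR_WINDOW = timedelta(minutes=5)  # assumed max gap between the two entries of one update


def load_rows(text):
    """Parse the export and return rows sorted by time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["Date"] = datetime.strptime(r["Date"], "%Y-%m-%d %H:%M:%S")
    return sorted(rows, key=lambda r: r["Date"])


def make(kind, row, old=None):
    """Build one summarized event; user is None when no user context was captured."""
    deleted = kind == "delete"
    return {"kind": kind, "pack": row["ManagementPack"], "when": row["Date"],
            "from_version": row["Version"] if deleted else old,
            "to_version": None if deleted else row["Version"],
            "user": row["User"] or None}


def summarize(rows):
    """Collapse Delete+Install pairs into updates; leave real deletes and installs."""
    events, pending = [], {}  # pending: pack name -> Delete row not yet matched
    for r in rows:
        name, action = r["ManagementPack"], r["Action"].lower()
        prev = pending.pop(name, None)
        if action == "install" and prev and r["Date"] - prev["Date"] <= PAIR_WINDOW:
            events.append(make("update", r, old=prev["Version"]))
            continue
        if prev:  # the earlier Delete was a genuine removal
            events.append(make("delete", prev))
        if action == "delete":
            pending[name] = r
        elif action == "install":
            events.append(make("install", r))
    events += [make("delete", d) for d in pending.values()]
    return sorted(events, key=lambda e: e["when"])


if __name__ == "__main__":
    for e in summarize(load_rows(SAMPLE_CSV)):
        who = e["user"] or "no user context (pre-UR2?)"
        print(e["when"], e["kind"], e["pack"], e["from_version"], "->", e["to_version"], who)
```

Events left as `delete` after pairing are the genuine removals worth a second look, and events with no user are the ones the report cannot attribute.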
Management Pack Objects
This report retrieves details of when new monitors, rules, discoveries, groups, diagnostics, recoveries or module types are created or imported, and by whom. The report also lists any deletion or edit that happens to the management pack objects.
To make the reports easier to view/read, you can filter the reports with the following criteria:
Date
Username
Management Pack
Action
Object
The report displays the following fields and values:
Example report:
Overrides tracking
The report retrieves overrides defined or applied to a selected list of management packs during a specific time interval. The result list provides details such as username, object name, type of object, old value and new value for the performed overrides. There can be more than one record for a specific override when multiple parameters are changed. The detailed section of the report shows a list of all versions of the management pack the override was defined in.
To make the reports easier to view/read, you can filter the reports with the following criteria:
Date
Object
Username
Management pack name
The report displays the following fields and values:
Example report:
What’s next?
Microsoft announced that the auditing features are going to be deployed in different phases. The first phase was to include the installation and removal of management packs and changes to overrides.
The next phase will include administrator settings, so stay tuned for more in the near future. If you have any suggestions related to change tracking/auditing or anything else related to SCOM, make sure to submit your feedback over at the SCOM UserVoice page and make your voice heard!
Conclusion
I believe the management pack change tracking is only the beginning, and we are off to a great start in finally being able to audit some of the changes being made in SCOM. It’s a feature that many SCOM users, administrators and customers have been waiting for.
There are still many additional things that people may want to be audited in SCOM, but fear not, there are more auditing features on their way!