FAQ, News, SCOM, System Center, Update

A quick look into the change tracking of management packs in SCOM

The System Center Blog

Update Rollup 2 for SCOM 2019 has finally been released, and there are some cool new features, one of them which this blog post will briefly go through is the change tracking of management packs.

[lwptoc]

Introduction

In System Center Operations Manager (SCOM) we have user roles that controls what a user has access to in a SCOM environment. Multiple users or groups can be associated with a user role, it is through these user roles that we are able to change monitoring settings. Most of the monitoring changes in SCOM are through management packs (if you don’t know what a management pack is, read more here).

What’s new?

In previous versions SCOM, there was no tracking of changes to identify the user who has done the changes and when. Update Rollup 2 for SCOM 2019 now supports change tracking in management packs. The change tracking is enabled by default and will automatically start tracking and reporting changes of the management packs and the management pack objects.

A quick look into the change tracking

The change tracking is no new setting or feature, it is actually reports that give us information of the change tracking. The Update Rollup 2 for SCOM 2019 provides three (3) new reports: Management Pack History, Management Pack objects and Overrides Tracking.

These reports are available under the Reporting pane and they can be found under the  Microsoft Generic Report library:

Change_tracking_MPs

Let’s go quickly through the reports and how they look like.

Management Pack History

This report retrieves details for every management pack install or delete happened on any management server for the selected duration. The results will display management pack name, version, action (install or delete) and the user who have performed the action.

To make the reports easier to view/read, you can filter the reports with the following criteria:

DateManagementPack_History_1

ActionManagementPack_History_2

UsernameManagementPack_History_3

The report displays the following fields and values:

[supsystic-tables id=68]

Example report:
ManagementPack_History

Note:
Any management packs, which have been imported, deleted or updated prior to the Update Rollup 2 upgrade, will be captured in the report, but user context will not be captured for these.
Any update on management pack will be captured in two entries in the report. First entry for deletion of older management pack version and second entry for the installation of new version.

Management Pack Objects

This report retrieves details when a new monitors, rules, discoveries and groups, diagnostics, recovery, module types is either created or imported; and by whom and when. The report also lists any deletion or edit that happens to the management pack objects.

To make the reports easier to view/read, you can filter the reports with the following criteria:

Date
ManagementPack_Objects_1

UsernameManagementPack_Objects_2

Management PackManagementPack_Objects_5

ActionManagementPack_Objects_3

ObjectManagementPack_Objects_4

The report displays the following fields and values:

[supsystic-tables id=69]

Example report:
ManagementPack_Objects

Overrides tracking

The report retrieves overrides defined or applied to a selected list of management packs during specific time interval. The result list provides details like username, object name, type of object, old value, new value for the performed overrides. There can be more than one record for a specific override when multiple parameters are changed. Detailed section of the report shows list of all versions of the management pack the override was defined in.

To make the reports easier to view/read, you can filter the reports with the following criteria:

DateOverrides_Tracking_1

ObjectOverrides_Tracking_3

UsernameOverrides_Tracking_5

Management pack nameOverrides_Tracking_6

The report displays the following fields and values:

[supsystic-tables id=70]

Example report:Overrides_Tracking

What’s next?

Microsoft announced that the auditing features are going to be deployed in different phases, the first phase was to include the install/remove management packs and overrides changes.

The next phase will include administrator settings, so stay tuned for more in the near future, if you have any suggestions related to change tracking/auditing or anything related to SCOM, make sure to submit your feedback/suggestions over at the SCOM uservoice page, make your voice heard!

Conclusion

I believe the management pack change tracking is only the beginning and we are off to a great start of finally being able audit some changes being done in SCOM. It’s a feature that that many SCOM users, administrators and customers have been waiting for.

There are still many additional things that people may want to be audited in SCOM, but fear not, there are more auditing features on it’s way!

 

Published by The System Center Blog

My name is Leon Laude and I work as a Microsoft specialist. The purpose of this blog is being creative, giving ideas and also offering help regarding the System Center products & Azure services that I find interesting.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s