Auditing Configuration Changes made using the eG Monitor Interface

Just like changes made using the eG admin interface, care should also be taken while making changes using the eG monitor interface - eg., while deleting alarms, acknowledging alarms, configuring quick insight/live graph views, etc. Changes that are implemented carelessly can only add to an administrator’s confusion, and cause unnecessary delay in problem resolution.

eG Enterprise therefore provides auditlog reports that enable administrators to track user activities on the eG monitoring console, and to accurately detect changes wrongly made and the user responsible for the same.

To generate these reports, do the following:

  1. Login to the eG administrative interface as admin.
  2. Select the Monitor option from the Audits tile.
  3. Figure 8 then appears, providing a wide range of options for report generation.
  4. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline, allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end, to register the changes.
  5. Next, select the User whose monitoring activities you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the configuration changes effected by all users to the eG monitoring console. However, if only one user has actively used the eG monitor interface till date, then, by default, that user’s name is displayed in the User list.

    Administrators can configure the target environment for monitoring by logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures those configuration changes that are effected via the web-based eG administrative interface, but also logs those activities that are performed via the eG Admin Command Line Interface. While generating audit log reports, you have the option of viewing the changes across both these interfaces, or only those changes that pertain to a particular interface. To indicate your choice, use the Interface drop-down list in Figure 8. The options available in the Interface list are as follows:

    • Web: Select this option to view those changes that were effected only via the web interface;
    • Command Line: Select this option to view those changes that were effeced only via the eG command line interface;
    • All: Select this option to view all changes, regardless of interface.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the Auditing section of the manager settings page to No. In this case therefore, the Interface drop-down list will not appear.


    The eG command line interface can currently be used only for administering the eG manager - i.e., for performing a few administrative tasks such as adding/managing components, configuring external agents/remote agents, assigning agents to secondary manager in a redundant manager setup, etc. Hence, the Interface option is currently relevant to the Admin Audit log Reports, and not the Monitor, Reporter, and Configuration Management Audit Log Reports.

  6. The Host IPs list displays all the IP addresses from which the chosen user(s) has accessed the eG monitor interface (see Figure 8). If you are looking for information on the monitor accesses from specific IPs, select those IP addresses alone from the Host IPs list.
  7. Once the Host IPs are chosen, the Modules list will be populated with those monitor modules that the chosen user(s) has worked with while accessing the eG monitor interface from the selected Host IPs (see Figure 8). If you want the details of changes that the user made in specific monitor modules, select those modules alone from the Modules list. 
  8. Based on the Modules selection, the Activities list will be populated. While working with the eG monitor interface, the selected user(s) might have performed a few specific operations on the chosen Modules. eG Enterprise automatically discovers the operations that correspond to the chosen user-host IP-module combination from the audit logs, and populates the Activities list with the operations so discovered (see Figure 8). If you want the details of specific activities only, select the required options alone from the Activities list.
  9. Finally, click the Show button to generate the report.

    Figure 8 : Report displaying the details of changes to the eG monitor modules

  10. The resulting report provides the following details (see Figure 8):

    • The date/time of the change
    • the name of the user who made the change
    • the IP address of the host from which the user accessed the eG monitor interface
    • the module that was accessed by the user
    • the specific operation/activity that was performed by the user on that module
    • the Interface type that was used - whether web or command line
    • the detailed description of the change, followed by a snapshot of the settings prior to change, and the settings after the change; if a configuration has been newly introduced (for e.g., quick insight view was newly created), then only the Current Settings will be displayed
    • Note:

      By default, every change record that the report displays will be accompanied by the Current and Previous configuration settings. This can sometimes clutter the report view, making it difficult for you to read and analyze the report. You can therefore hide both these columns from the report, by setting the ShowChanges parameter in the [audit_log_settings] section of the eg_ui.ini file to No.

  11. In a redundant setup, the auditlog report will have an additional MANAGER NAME column, which displays the IP or host name of the manager to which a record pertains.
  12. You can print the report by clicking on the Print icon at the right, top corner of Figure 8, or save the report as a PDF file by clicking on the Save icon. You can even save the report as a CSV file by clicking on the csv icon in Figure 8. You can also schedule the report to be generated and mailed to the recipient at specific time intervals by clicking the icon.