A quick look into the change tracking of management packs in SCOM

Written By Leon Laude

Update Rollup 2 for SCOM 2019 has finally been released, and there are some cool new features, one of them which this blog post will briefly go through is the change tracking of management packs.

Introduction

76fac-featured_image-scom_mp_changetracking.png

In System Center Operations Manager (SCOM) we have user roles that control what a user has access to in a SCOM environment. Multiple users or groups can be associated with a user role, it is through these user roles that we are able to change monitoring settings. Most of the monitoring changes in SCOM are through management packs (if you don't know what a management pack is, read more here).

What's new?

In previous versions of SCOM, there was no tracking of changes to identify the user who has done the changes and when. Update Rollup 2 for SCOM 2019 now supports change tracking in management packs. The change tracking is enabled by default and will automatically start tracking and reporting changes of the management packs and the management pack objects.

A quick look into the change tracking

The change tracking is no new setting or feature, it is actually reports that give us information of the change tracking. The Update Rollup 2 for SCOM 2019 provides three (3) new reports: Management Pack History, Management Pack objects and Overrides Tracking.

These reports are available under the Reporting pane and they can be found under the  Microsoft Generic Report library:

Change_tracking_MPs

Change_tracking_MPs

Management Pack History

This report retrieves details for every management pack install or delete that happened on any management server for the selected duration. The results will display the management pack name, version, action (install or delete), and the user who has performed the action.

To make the reports easier to view/read, you can filter the reports with the following criteria:

Date

Date

Action

Action

Username

Username

The report displays the following fields and values:

Example Report

Example Report

Note: Any management packs, which have been imported, deleted or updated prior to the Update Rollup 2 upgrade, will be captured in the report, but user context will not be captured for these.

Any update on the management pack will be captured in two entries in the report. First entry for deletion of older management pack version and second entry for the installation of a new version.

Management Pack Objects

This report retrieves details when new monitors, rules, discoveries and groups, diagnostics, recovery, module types are either created or imported; and by whom and when. The report also lists any deletion or edit that happens to the management pack objects.

To make the reports easier to view/read, you can filter the reports with the following criteria:

Date

Date

Username

Username

Management Pack

Management Pack

Action

Action

Object

Object

The report displays the following fields and values:

Example Report

Example Report

Overrides tracking

The report retrieves overrides defined or applied to a selected list of management packs during the specific time interval. The result list provides details like username, object name, type of object, old value, new value for the performed overrides. There can be more than one record for a specific override when multiple parameters are changed. The detailed section of the report shows a list of all versions of the management pack the override was defined in.

To make the reports easier to view/read, you can filter the reports with the following criteria:

Date

Date

Object

Object

Username

Username

Management Pack Name

Management Pack Name

The report displays the following fields and values:

Example Report

Example Report

What's next?

Microsoft announced that the auditing features are going to be deployed in different phases, the first phase was to include the install/remove management packs and overrides changes.

The next phase will include administrator settings, so stay tuned for more in the near future, if you have any suggestions related to change tracking/auditing or anything related to SCOM, make sure to submit your feedback/suggestions over at the SCOM UserVoice page, make your voice heard!

Conclusion

I believe the management pack change tracking is only the beginning and we are off to a great start of finally being able to audit some changes being done in SCOM. It's a feature that that many SCOM users, administrators, and customers have been waiting for.

There are still many additional things that people may want to be audited in SCOM, but fear not, there are more auditing features on its way! 

Leon Laude
Previous

SCOM Connector for ServiceNow - New Features Released
Next

Update Rollup 2 for System Center 2019 is out!