To gather audit data and include it in SSRS reports, use the InTrust Manager MMC snap-in. Alternatively, you can use real-time event collection in InTrust Deployment Manager and analyze events using Repository Viewer.
The following two topics deal with how to use these components for the task:
The combination of InTrust and the Knowledge Pack for Active Roles lets you easily gather audit data and create reports on it. The most convenient way to accomplish both of these objectives is to use a single InTrust task. You configure this task in the InTrust Manager MMC snap-in.
This section concentrates on what you do with InTrust Manager that involves objects from the Active Roles Knowledge Pack. For detailed instructions on how to do it, see the Auditing Guide.
InTrust tasks are chains of specialized operations called jobs. To gather Active Roles-related audit data and report on it, you need a task that includes at least a properly configured gathering job and a reporting job.
The necessary tasks are provided for you in the Knowledge Pack: “Active Roles: Daily events collection” and “Active Roles: Weekly reporting”. In general, there are tasks intended for gathering and those meant for reporting. The collection tasks gather audit data to the repository. The reporting tasks import the necessary data to the database, compile reports using that database, and then clean up the database.
The default configuration requires that you simply set an appropriate schedule for the tasks. However, if you want to split the reporting workflow into several tasks, you can make copies of the predefined reporting tasks and edit the parameters of the reporting jobs.
When configuring gathering jobs, you must supply the following information:
Reports help you find out about any event from the Active Roles Administration log in detail. In particular, you can report on the following:
When configuring InTrust reporting jobs, you have access to reports shipped with the Knowledge Pack. In addition to the choice of reports, the following settings are important for reporting jobs:
The simplest way to organize reporting is as follows:
As described in this guide, real-time monitoring facilities provided by the Knowledge Pack focus on the health and functionality of the Active Roles service.
InTrust Manager and InTrust Monitoring Console are the two components that enable you to work with real-time monitoring objects.
InTrust sends out alerts as soon as certain events or conditions occur. Alerts are viewable in InTrust Monitoring Console. Notifications about alerts can be email or net send messages.
For more details, see the following topics:
InTrust Manager lets you set up real-time monitoring. Real-time monitoring is governed by InTrust rules. To get a rule to work successfully, make sure of the following:
To enable notifications
For an example of the described configuration, see the Checking Policy Compliance topic. For other settings, such as configuring response actions and scheduling monitoring, refer to the InTrust documentation.
Monitoring Console provides a centralized Web interface for real-time monitoring alerts. People responsible for resolution of certain types of alerts can have corresponding profiles to view only the reports they need.
Before you can use InTrust Monitoring Console to work with rules from the Knowledge Pack, complete the following preparatory steps:
After this, make some changes to Monitoring Console configuration by creating the following:
Open the Monitoring Console Administration page. For that, click the Monitoring Console entry in the Start menu, and when the page loads, append "/Administration" to the URL in the address bar.
On the Administration page, click New in the left pane to start the New Alerting Profile Wizard.
The wizard lets you select the InTrust Server that generates the alerts and specify who views these alerts. You let your personnel view alerts by assigning the roles of alert readers and alert managers. To allow a user to view alerts, assign the alert reader role to the user account; to allow a user to add comments and to acknowledge and resolve alerts, assign the alert manager role. Alert records are available to users (alert readers and alert managers) only if their accounts are inspectors for both monitored sites and rule groups.
After a new profile has been successfully configured, you can customize alert views for this profile in Monitoring Console. To open Monitoring Console, you can click its entry in the Start menu.
Creating alert views doesn't involve the Administration page. To create a view, open the regular Monitoring Console page (click the Monitoring Console entry in the Start menu).
Click New to start the New Alert View Wizard. This wizard lets you select the rules and sites that you want to monitor, and saves your preferences as an alert view. For an existing view, you can configure filters based on alert state and generation time and other alert properties. Within a view, you can examine alert statistics and analyze the alerts in detail. For more information, refer to the Monitoring Console help.
You can create as many alert views as you need for organizing your alert resolution workflow.