By now, you have configured the connection between InTrust and the virtualization servers. To fine-tune the configuration of auditing and reporting, you can do the following:
|What you want to do||
What you should configure
|Change the event gathering schedule||
Edit the schedule in the properties of the task you are using.
|Redirect events to different data stores||
In the properties of the gathering job inside the task, change the audit database or repository.
|Browse gathered events directly||
Use InTrust Repository Viewer.
In the task, add a final reporting job. Configure the properties of the job, such as the reports you want and report delivery settings.
|View interactive reports||
Use InTrust Knowledge Portal. To start working with Knowledge Portal, it is required to specify some of the security settings and data source properties.
Before you can view reports, configure the data source to connect to the product database. Data sources are databases that store the information used in the reports.
It is also required to configure access rights to provide the report users with access to reports they need. These rights are assigned through specifying appropriate SQL Reporting Services role to a user or group account.
After Knowledge Portal is properly configured, open InTrust Manager and launch the task that includes a reporting job with the reports you need. Then in Knowledge Portal use the Reports tab.
For detailed information, see the
|Tweak the scope of events that are collected to filter out unnecessary data||
Edit the repository of database filter in the properties of the data source or the policy that includes the data source. Policy filters are applied after data source filters.
Remember to commit the changes you make to InTrust configuration.
For details about the procedures suggested, see the
This topic describes typical situations in a production environment and how InTrust helps handle them. For more details, see the following:
For information about specific procedures, such as creating tasks and jobs, see the
Suppose you have a single vCenter server, and your vCenter resources have been carefully rationed. The workload is currently approaching capacity. You need to make sure that only the current resource pool administrators make changes that affect vCenter performance, and these administrators make their changes responsibly.
For that purpose, prepare an auditing and reporting workflow that includes the following:
To set up event gathering
To set up reporting
For more details about reporting jobs, see the
Removal of virtual machines is understandably a highly important action to watch out for. Such activity should be tracked very closely.
To set up event gathering
To track virtual machine removal in Repository Viewer