You can review user activity ranging from user login to monitoring rules changes and many things in between. In order to do so, you will need access to the Goliath Server.
User activity can be reviewed by accessing the MonitorITAudit.log which can be found at C:\Program Files\MonitorIT\Bin or C:\Program Files (x86)\MonitorIT\Bin by default.
Review the chart below to determine what term(s) to search for in the log file, to find the needed info. All events will include the date and timestamp of the event and if Role Based Security is configured, the user who executed event.
Audit Items |
Search Term |
Agent install/update from console |
Agent Install |
Inventory item edited |
Computer_Replace |
Inventory item added |
Computer_Add |
Inventory item deleted |
Delete Inventory |
Inventory Filter updated |
SaveInventoryFilterSpecs |
Database Maintenance updated |
Set_AutoPurge |
Group created |
Group_Add |
Group edited |
Group_Replace |
Group deleted |
Group_Delete |
Monitoring Rules imported |
Import Watches |
Monitoring Rules edited |
AlertGroup_Replace |
Monitoring Rules deleted |
Delete Monitoring Rules |
Monitoring Rule created |
When new Monitoring Rules are created the log displays:AlertGroup_AddYou can also search on the following for specific rule details:EventLogWatch_AddCustomCheck_AddWinServicesWatch_AddProcessCheck_ADDServices_add |
In addition to the above search terms, the GPMServer.log* files can be searched with the term login - Login in order to find users logging into the Goliath console.