BatchPatch Audit Logging

Yesterday we published a new build of BatchPatch that includes a new ‘Audit Logging’ feature. The purpose of this new Audit Logging feature is to help with keeping track of who has executed actions on target computers, and which actions they have executed.

To provide access to this new feature there is now a new tab under ‘Tools > Settings > Audit Logging’

To enable audit logging simply choose a directory for the log files to be stored, and choose a file name. Then click ‘Enable audit logging.’ When audit logging is enabled or disabled, ‘enabled‘ or ‘disabled‘ stamps will get written to the log file so that for the sake of compliance you can keep track of not only actions that are executed on target computers but also if a user disables audit logging.

Once enabled, the audit log will display a copy of everything that is logged to the ‘All Messages’ column in BatchPatch, along with the timestamp of execution, the current user, the target host name, and the target user. The ‘current user’ is the name of the logon account that was used to launch/run batchpatch.exe. The ‘target user’ is the user that was specified in the ‘Alternate Credentials’ column for a given row to execute remote actions on the target host. If no alternate credentials were specified for a row, then the ‘target user’ will be written as ‘Integrated Security,’ in the audit log, which means the target user impersonated the current user for that action. The screenshot below shows a sample of what the log looks like.

If you have any comments, questions, or other feedback about this feature or any other aspects of BatchPatch, please do not hesitate to reach out to us.

This entry was posted in Blog, General, Tutorials and tagged . Bookmark the permalink. Both comments and trackbacks are currently closed.