Using the Audit Log to Determine Where Actions are Being Routed
In complex environments where actions can run via the Recast Agent, Recast Proxy, and the ConfigMgr Fast Channel, the audit log can be a great help in determining how actions are being Routed in your environment.
Finding the Audit Log Information
The Audit Log is located in the Recast Managment Server and can be accessed by clicking on the audit Log Button on the left hand side of the interface.
Audit Log Information
The audit log contains information on when an action was run, who ran the action, the plugin that the action is a part of, which action was run, and the Execution time. The two buttons on the right hand side of the Log information include the results of the action, and which Proxy ran the action.
If you click on the "Proxies" Button, it will show you which Proxy (and what type the Proxy was) ran the action in your environment. Proxy Types include:
- Recast Proxy - This means the action was run by a Recast Proxy using the Service Account that the proxy is running under. This corresponds to the "Route Type" of Service Account.
- Right Click Tools - This means that the action was run from the computer running the ConfigMgr console as the user who was logged into the console. This corresponds to the "Route Type" of Right Click Tools.
- No proxy data found. Proxy data is cached in memory, so if this is an older action, this data may not be available. - This message can mean one of two things. Either the information really is out of date (it is no longer in memory) or the action was run as a Recast Agent (this is a bug, Agent should be able to identify itself but is not able at this time.)
How is this useful?
If you are trying to determine if your actions are being attempted by a Recast Proxy, it is a great way to tell if the action was attempted to run over Proxy. The dialog box will also show which machine the proxy is running on, and which service account ran the action. If the Type is "Recast Proxy" your routes are configured so that the Proxy is running the action.
If you are attempting to run actions over a Recast Proxy, and you see that the proxy in the audit log is listed as "Right Click Tools" you know that the actions are attempting to run from the ConfigMgr console, and are not running as the proxy. You should check your Routes and Scopes to make sure that actions are being routed correctly.