11 Viewing and Analyzing Change Events

Configuration Change Console offers several options for examining change within the monitored IT infrastructure.

In addition, the Configuration Change Console offers reports that can be configured for specific needs through integrating with Oracle BI Publisher.

Activity Summaries

The Visualization > Activity Summary menus offer several ways to view change status and related activity across the infrastructure.

Table 11-1 Activity Summaries

| Summary | Description |
|---|---|
| Activity Dashboard | Displays current change or message activity. |
| Pending Notifications | Displays any notifications that are currently open (not acknowledged). |
| Change Summary | Summarizes device, process and user account activities during the last hour. Note that change events resulting from internal monitoring are not factored into Change Summary counts. |
| Audit Summary | Summarizes authorized and unauthorized audit activities in the last hour. |


Using the Activity Dashboard

The Activity Dashboard displays changes across the infrastructure over a selected timeframe. The data displayed on the dashboard is updated every five minutes. By default, the screen displays change data for the last two hours, but it can be toggled to show data across a user defined time frame by unchecking the Current Data checkbox.

To access this screen, navigate to Visualization --> Activity Summaries --> Activity Dashboard.

Refine the view by selecting individual device groups or devices from the drop-down menu. By unchecking the Current Data box, you can specify the exact time period for the graph. Note that the Message Count graph can only be viewed in the two hour live view.

You can also choose whether to display overall change counts, file changes, or agent messages from the drop-down Count menu. The message count indicates that the agent is functioning and communicating.

Viewing Event Summary Statistics

The Event Summary screen is a read-only screen displaying device, process, and user activity during the last hour. To access this screen, navigate to Visualization --> Activity Summaries --> Event Summary.

The data shown in this report is summarized in the following table:

Table 11-2 Event Summary Statistics

| Category | Description |
|---|---|
| Top Devices | The most active devices based on the number of process and file changes. |
| Top User Accounts | The most active user accounts, based on the number of recorded process changes for those users. |
| Notification Summary | Count of notifications by status: Escalated, Acknowledged, Pending, or Sent. |
| Top Notification Recipients | The recipients that received the most notifications. |


Using the Audit Summary Screen

The Audit Summary screen offers a read-only summary of all authorized and unauthorized audits in the last hour. To access this screen, navigate to Visualization --> Activity Summaries --> Audit Summary.

The Audit Summary report includes the following summaries:

Table 11-3 Audit Summary Report Summaries

| Category | Description |
|---|---|
| Top Component Instances | The most active component instances based on the number of events. |
| Top Five Authorized Categories | The five most-used Ticket category combinations with authorized events. |
| Top Five Unauthorized Categories | The five most-used Ticket category combinations with unauthorized events. |
| Ticket Summary | The number of ticket updates sent to the Change Management server for both authorized and unauthorized events. |


Visualizing Change

Configuration Change Console provides views of your IT infrastructure change activity via the following screens:

  • Server Events -- Change activity on a specific device or group of devices

  • User Events -- Change activity made by a specific user account on a specific device

  • Application Events -- Changes made to specific applications

  • Global Events -- Changes made to specific files, processes, users, or internal objects across any specified device or device groups during a given time frame

  • Policy Events -- Changes ordered by the framework and policy that those changes affect

  • Time Change Journal -- All changes made to one or more devices over a small period of time

  • Database Inventory -- Archives of data returned by configured database queries, for database instances monitored by an Inventory agent module

Using these screens you can answer questions such as:

  • What changes occurred on this server last night?

  • What changes happened across the infrastructure in the hours before a failure of a critical system?

  • Did any application changes happen on the financial system during the quarter's closing?

  • What changes did a user make after the point at which we determined the user was not following the proper process?

Each of these screens provides summary details and the ability to drill down to detailed information regarding specific changes.

Viewing Changes to Servers

The Server Events screen displays changes that occurred on servers during a defined time period. It offers visibility into process, file changes, user logins/logouts, and component internal events on a specific server.

To access this screen, navigate to Visualization --> Event Visualization --> Server Event.

Select Individual Devices from the Selection Mode drop-down menu to access individual devices, or select Device Groups to view logical groups. The Device Group mode is the default.

  • Expand an individual group to list its members, or select Expand All to expand all groups.

  • Use the Selection Helper to look for devices in specific groups by name or pattern.

Once you have selected the device(s), click Show Selected to display the Server Events screen.

Use the fields at the top of the screen to select the appropriate timeframe and click Apply Filters.

The top-level screen, which shows counts across multiple devices, does not let you click on a count of events. You must first choose a device to view.

Note:

The following actions will increase the time it takes to retrieve and report results, and may cause the result set to be truncated:

  • Selecting a month time interval

  • Selecting a large number of managed devices

  • Clicking on a count for a large number of changes instead of narrowing down the time range.

From this screen, you can drill down to view additional information in a number of ways:

  • Drill down to a specific server

    Click on the link for a Server name to view how the changes break down by server.

  • Drill down to changes within a time window

    Click on a number link in a time column to view the changes in that time window. If the number is larger than 250, it will not be a link. Use the filters at top to narrow down the scope for smaller numbers.

If you drill down to changes by server, you can access the changes broken down into login/logouts, files, processes, and component-internal events.

Use the following to drill down to view details on changes:

  • Click on the Files link to drill down to a navigation tree of directory or file changes.

  • Click on the Login/Logout link to display a navigation tree of user logins and logouts, connection types, and related session information.

  • Click on the Processes link to display process change details.

  • Click on the Component Internal link to list details of internal application changes.

  • Click on an individual number link to view the details for changes in that time period. If there are more than 250 changes in a time window, the number will not be a link. Use the Filters to change the time range covered by this screen.

Viewing Changes by User

To display changes by user, use the User Events screen. This screen allows you to browse actions taken by a specific user account on monitored devices. To access this screen navigate to Visualization --> Event Visualization --> User Events.

Use the alphabet links or search input at the top to narrow the list of accounts displayed, or search for a specific user name.

The User Accounts links list the user names for all user accounts. If the account is a domain account, the account will be displayed as the domain name followed by a slash and the user name. If a user name exists on many servers, it will be displayed here only once. Some user names listed on this screen may be OS users or component internal users such as database users.

Once you click the link for a user account, the User Events screen lists the managed devices (for OS users) or component instances (for component internal users) where the account exists. Click the link for the device whose changes you want to view to display the Activity Summary Report.

The Activity Summary Report screen lists login/logoffs and process and file activity. It also displays CPU activity associated with the account as a percentage of all CPU usage. The Login/Logoff, Process Activity, File Activity, and CPU Usage rows display an X if there are reported activities during the time period.

  • Change or adjust the time period

    Select the time and scale and click Apply Filters

  • Drill down to a specific time period

    Click on a column entry to access the details about that time period.

  • View a detailed report

    Click View Details to display the Activity Details Report described below.

The Activity Details Report summarizes user processes, file changes, login activity and CPU usage for the specific device and timeframe if you chose an OS user. If you chose a component internal user, such as a database user, you will see component internal object change events (such as database tables) instead of files and processes. The login/logout for a component internal user will be based on login/logout of the component being looked at.

To list the files that the specific user changed, select the box to show files changed by user. Otherwise, the list will include all file changes during the time period on the device by any user.

Note:

The number of files changed can be significant. To reduce the number of changes displayed, reduce the time interval using the filter feature.

For process activity, two types of X markers can appear in any time slot. An X that is not a link means that the given process was running during this time period, but did not start or stop (that is, there was no change activity). An X that is a link means that there was at least one start or stop of that process during this time period. Clicking the X takes you to a screen that shows the actual events.

To view details, you can:

  • Click on a column entry to view the process, file changes and login/logout activity details.

  • Click on the numbers under the date to zoom into the next time scale.

To view files changed by user, complete the following fields:

  1. Pattern. Enter the process or file pattern to filter the search output. Use the wildcard "*" character to create a search string.

  2. Specify User. Select the option Files Changed by User to only view files that have been changed by the specified user. Deselecting this option will show counts of all file changes by all users on the selected device during the specified time interval. This feature can only be used when the audit log has been enabled on the managed device.

  3. Start Time. Specify the session time frame by selecting the time, date and scale.

  4. Click Apply Filters.

To view details for User Login Logout Events, display the User Change Visualization screen. To access this screen, navigate to Visualization --> Event Visualization --> User Events, then click a user name in User Change Visualization.

From the User Change Visualization screen:

  1. Click on a device where the user exists.

  2. In the Activity Summary Report screen, click the View Details button.

  3. In the Activity Detail Report screen, click an X link in the time column for an activity to display a list of events.

Viewing Application Changes

The Application Change Visualization screen enables you to view changes to an application within a specific portion of the monitored infrastructure.

To access this screen, navigate to either Visualization --> Change Visualization --> Application Events or Visualization --> Event Visualization --> Application Events.

You can select from several modes to define the view:

  • Application View (the default). View and select specific applications and component instances.

  • Component View. Displays applications categorized by Component Type and Component.

Expand individual applications or component types or select Expand All to list and select individual elements.

Once you have selected the component(s) or application(s), click Generate Report. The resulting Application Events Visualization screen displays details on the changes to the selected set of applications.

Click the application name link to view a change report listing the component instances that make up the application. The rows display the number of reported activities during the time window for each component instance.

If you click a count link on any of these screens, the details screen displays the events that occurred in that time range on that component instance. If you instead click a component instance link under the device column, you can walk through each object type and object that had changes.

Visualizing Changes Across Devices (Global Events)

The Global Events Visualization screen displays changes across devices within a specific time period. Select the devices or device groups, then apply further filters for processes, files, users or component internal events.

To access this screen, navigate to Visualization --> Event Visualization --> Global Events.

  • Select the groups or devices you want to report on, or use the Selection Helper to search for a specific device.

  • Click Show Selected. You will be prompted to refine the report parameters.

Refine the filters for the report by completing these steps:

  1. Select Process, File, User, or Component Internal from the pull-down menu.

  2. Enter a name for a process or user, or a path for a file.

  3. Select the time frame.

  4. Click Apply Filters.

Visualizing Changes Over Time

Use the Time Event Journal to view changes across devices over a specific hour or 15-minute block of a specific date. This screen lets you track activity by user, process, file, or application-internal entity, across devices.

To access this screen, navigate to Visualization --> Event Visualization --> Time Event Journal. Follow these steps to fill in the screen:

  1. Select the start time and scale for the time event journal.

  2. Select the Operating System and Application Internal Users for which to track activity. Use the Ctrl-click key sequence to select multiple users from the drop-down lists.

  3. Enter a process, filename, or component internal entity to track. Patterns are allowed.

  4. Select the devices or device groups.

  5. Click Show Selected to create the time change report.

Visualizing Database Inventory

Use the Database Inventory screen to view snapshot results of queries run against a component instance monitored by a Snapshot type rule set. This screen displays a chronological listing of logged query results. Each query time stamp displays as a link through which you can view the full archived query result. Selecting a new component instance from the drop-down list will automatically display all queries associated with that application.

To access this screen, navigate to Visualization --> Event Visualization --> Database Inventory.

In the list of query results, the second column indicates whether there has been a change from the previous snapshot. The oldest snapshot will always be listed as N/A. In cases where an older version of the agent is running, you may see N/A for other entries because the older versions of the agent did not keep track of changes between snapshots.

Use the drop-down filters to select the component instance for which to display archived query results. Complete these steps:

  1. Select the device group from the filter bar.

  2. Select the device whose agent is responsible for monitoring the database instance from the Device drop-down menu.

  3. Select the individual component instance from the Component Instance drop-down menu.

  4. Select the start time and scale for the stored query results.

  5. Click Apply Filters.

  6. From the list of snapshot query results, you can choose the following actions:

    • Locate the query you wish to review. Click a timestamp link to view the archived query result.

    • Check the two queries whose results you want to contrast to view the specific differences between the two snapshots.

For each stored query the following information will display:

  • Query Name. The name given to the query within the component template.

  • Description. Description of the query's function, as defined in the component template.

  • Query Statement. Displays the configured SQL query run within the database.

  • Snapshot Time. Date and time the query was executed in the database server.

  • Row(s) Truncated. Indicates whether all rows that exist in the database table were returned for the database query. Displays the values true (there are rows in the tablespace not featured in the snapshot) or false (all rows are represented in the snapshot).

  • Column(s) Truncated. Indicates whether all columns in the database table were returned for the database query. Displays the values true (there are columns in the tablespace not featured in the snapshot) or false (all columns are represented in the snapshot).

  • Query Result. The results of the SQL Statement presented in the format returned by the database.
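The change column and the two-snapshot contrast described in this section, modeled as an added Python example (it is not Configuration Change Console code). The record layout, the "changed"/"unchanged" labels, the tracks_changes flag and the sample query rows are assumptions made for illustration. The example also shows why a contrast that involves a snapshot flagged Row(s) Truncated or Column(s) Truncated should be treated as incomplete.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """One archived query result; field names mirror the list above (assumed layout)."""
    query_name: str
    snapshot_time: str        # ISO-8601, so string order is chronological order
    rows_truncated: bool      # Row(s) Truncated
    columns_truncated: bool   # Column(s) Truncated
    rows: tuple               # Query Result: one tuple of column values per row
    tracks_changes: bool = True   # False models an older agent (assumption)


def change_column(snapshots):
    """Map snapshot_time -> 'N/A', 'changed' or 'unchanged' versus the previous snapshot."""
    ordered = sorted(snapshots, key=lambda s: s.snapshot_time)
    status = {}
    for i, snap in enumerate(ordered):
        if i == 0 or not snap.tracks_changes:
            # The oldest snapshot has nothing to compare against; older agents
            # did not keep track of changes between snapshots.
            status[snap.snapshot_time] = "N/A"
        else:
            same = snap.rows == ordered[i - 1].rows
            status[snap.snapshot_time] = "unchanged" if same else "changed"
    return status


def contrast(a, b):
    """Diff two snapshots; 'complete' is False if either one was truncated."""
    old, new = sorted((a, b), key=lambda s: s.snapshot_time)
    old_rows, new_rows = set(old.rows), set(new.rows)
    truncated = any(s.rows_truncated or s.columns_truncated for s in (old, new))
    return {
        "added": sorted(new_rows - old_rows),
        "removed": sorted(old_rows - new_rows),
        # Rows or columns missing from a truncated snapshot cannot appear in
        # the diff, so an empty diff is not proof that nothing changed.
        "complete": not truncated,
    }


# Constructed sample data: three snapshots of a hypothetical account-status query.
BASE = (("APP_OWNER", "OPEN"), ("SYS", "OPEN"))
SAMPLE = [
    Snapshot("db_accounts", "2024-01-10T09:00:00", False, False, BASE),
    Snapshot("db_accounts", "2024-01-10T10:00:00", False, False, BASE),
    Snapshot("db_accounts", "2024-01-10T11:00:00", True, False,
             BASE + (("TEMP_ADMIN", "OPEN"),)),
]

if __name__ == "__main__":
    for when, state in change_column(SAMPLE).items():
        print(when, state)
    print(contrast(SAMPLE[0], SAMPLE[2]))
```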

Analyzing Infrastructure Change Trends

The Trend Analysis screens provide access to a rich variety of infrastructure trend information for managed devices and applications.

To access this screen, navigate to Visualization --> Infrastructure Trends.

The following table displays the infrastructure components.

Table 11-4 Infrastructure Change Trends

| Component | Description |
|---|---|
| Current Processes | Information about active processes, as defined in monitoring policies, currently running on managed devices |
| Processes | CPU utilization and memory usage for specific processes over a fixed period of time |
| Files | File changes for a managed device |
| CPU | CPU utilization trends for a specific time interval on a managed device: Average, minimum and maximum percentage of CPU usage. Note that under the monthly view, the maximum value reflects the average maximum throughout the month. |
| Memory | Total and virtual memory usage for a managed device over a time interval: Average, minimum and maximum percentage of Memory usage. Note that under the monthly view, the maximum value reflects the average maximum throughout the month. |
| File System | Available and consumed file storage capacity on a managed device |
| Component Internal | Changes to component internal objects and specified data points within the component |
| Detected Users | Information about users with login activity to a monitored application |
| OS User Activity | CPU usage for all processes a user runs during a specific time interval |


By displaying information in a graphical format, these screens help you spot unusual patterns, trends, or potential problems before they become significant. Most of the screens are updated every five minutes, as the various agents that gather information report back to the Configuration Change Console server. To access the screens, select the appropriate screen from the Infrastructure Trends menu.

Each of the screens will prompt you to select specific device groups and devices, and may also prompt for time windows, applications, CPU, and so on. Where possible, information is displayed in a graphical format, making it easier to spot trends. For example, the Memory screen shows Memory utilization trends over time.