Some of my favourite reports

doug_schulze · ‎10-03-2013

Authentication errors

Table: Discovery Log

Windows Auth Errors
Group By:
Schedule Name
(have to dot walk here and is a good example for this aspect of reporting)

Filter:
Created relative 48 hours ago (or how often your schedules are run)
Level is Warning
Message Contains Firewall
Source contains Classify

Windows Post Access errors
Group By:
Schedule Name
(have to dot walk here and is a good training for that aspect of reporting)

Filter:
Created relative 48 hours ago (or how often their schedules are run)
Level is Warning
Source does not contain Classify

Unix Auth Errors
Group By:
Schedule Name
(have to dot walk here and is a good example for this aspect of reporting)

Filter:
Created relative 48 hours ago (or how often your schedules are run)
Level is Warning
Message contains SSH Auth

Unclassified CI's
Group By:
Schedule Name
(have to dot walk here and is a good example for this aspect of reporting)

Filter:
Created relative 48 hours ago (or how often your schedules are run)
Message contains Name of

OR CI's that have been created or not been seen in a while or even created new

Table cmdb_ci_hardware
Group by
Class

Filter
Most recent discovery relative before "3 months ago"

New Devices:

Table cmdb_ci_hardware
Group by
Class

Filter
created relative after 48 hours ago

Ryan Zulli · ‎09-14-2015

As Discovery matures so have some of our Messages, a few updates to the reports above (for those on Eureka and higher) ::

Windows Auth Errors -

Group By:

Schedule Name (dot walk)

Filter:

Created relative 48hrs ago

Level is Warning

Message Contains Firewall

or

Message Contains Permission Denied

Source Contains Classify

Unix Auth Errors -

Group By:

Schedule Name (dot walk)

Filter:

Created relative 48hrs ago

Level is Warning

Message Contains SSH Auth

or

Message Contains No credentials