Enable MID audit log
The MID Server command audit log records details such as the command name, command hash, name of credential used, and execution status.
The MID Server command audit log tracks details such as the command name, command hash, name of credential used and execution status. When enabled, users with the agent_security_admin role can view these logs in the MID Server Command Audit Logs [ecc_agent_command_audit_log] table. Navigate to to see this table.
Set mid.log.command_audit.enable property to true in the MID Server Properties [ecc_agent_property] table for each MID Server to turn on auditing for commands run by the MID Server.
For more details on setting this property, see MID Server command audit log.
For information about MID Servers and how they work, see MID Server.
More information
| Attribute | Description |
|---|---|
| Configuration name | mid.log.command_audit.enable |
| Configuration type | MID Server Property [ecc_agent_property] record |
| Data type | Boolean |
| Recommended value | true |
| Default value | false |
| Fallback value | false |
| Category | Error handling and logging |
| Security risk |
|
| Functional Impact | None |
| Dependencies and prerequisites |
This setting only applies to instances using an active Management, Instrumentation, and Discovery (MID) Server. A MID Server enables communication and movement of data between a ServiceNow instance and external applications, data sources, and services. Setting up a MID Server requires downloading the MID Server package on a Linux or Windows host, setting up the connection with the given ServiceNow instance and configuring additional settings. Information and references can be found at MID Server. After it has been set up, a MID Server appears as a record in the MID Servers [ecc_agent] table on connecting instance. |