The Audit Trail is a collection of text file logs that contain information about the interaction of a Runbook with external tools and systems. This provides a quick method to identify what and who made changes for audit purposes.
How to activate/deactivate the Audit Trail:
- Open a command prompt with the Run as administrator privilege.
- and go to C:Program Files (x86)Microsoft System CenterOrchestrator 2012Opalis Integration ServerManagement Service
- To activate the Audit Trail: atlc /enable
- To deactivate the Audit Trail: atlc /disable
Where are the audit files ?
The file contains information about the date and time at which the policy was launched, the user name and domain that launched the policy, the name of the computer where the policy ran, and the name of the policy that was launched.
For having a better view, I advise your to copy/paste the output into a XML indenter tool (Example : http://xmlindent.com/).
Depending on how many policies you run and how many objects those policies contain, the Audit Trail may consume a large amount of disk space on the computer that runs the management server and action server. (When a file reaches 200 megabytes in size, a new file is created) Two solutions, active it only when needed and cleaned the files after, or create a little Runbook for archiving these files to another location.
Microsoft System Center Orchestrator 2012 Resources :
Microsoft System Center Orchestrator 2012 beta is available as public beta at the Microsoft Download Center : http://www.microsoft.com/download/en/details.aspx?id=26503
Microsoft System Center Orchestrator 2012 Team Blog : http://blogs.technet.com/b/scorch/
TechNet Forums for System Center Cross Platform and Interoperability :http://social.technet.microsoft.com/Forums/en-US/category/scinterop
TechNet Library – Audit Trail : http://technet.microsoft.com/en-us/library/gg464925.aspx