Compliance and Change Reporting

The Compliance Policy Violation report is seeded when you have ProScan / Change Management in Open Manage Network Manager. Inventory Compliance Attributes for reporting can also appear in report templates when you install ProScan. These report in-compliance or out-of-compliance, the last compliance date (when last compliant or not compliant), last config date (when configuration last changed), last checked date (when change was last determined).

You can also run the Change Determination Report that displays changes made to configurations.See Reports for more about reporting capabilities.

The Change Determination Report report displays detected changes based on a configuration change flag set when Open Manage Network Manager detects a change made to the device. To successfully execute this report, you must enable a scheduled Change Determination Process. The process must run before the reports has any contents. To run the process, go to the Schedules portlet, and schedule that change determination process.

Reporting Limitations

The Configuration Change Report only reports on incremental configuration changes discovered in the CD process. Simply making changes to configurations and backing them up in Open Manage Network Manager does not ensure these appear in Configuration Change Reports. They appear in reports only after running the CD process.

The Configuration Change Report includes a Filter that you can alter at runtime. By default, the report filters on Type only. If you want more filter criteria--like device IP, and/or date ranges--you must edit the Report filter. To edit the filter, in the Reports manager, right click the Configuration Change Report, and select Open, then edit the filter in the Filter screen by selecting that node on the left.

A recommended best practice is to execute the CD process as an operation run against multiple resources following a scheduled group backup of these resources. If you run backups every day, the Configuration Change Report then shows the daily changes, until they are purged from the database.

The application stores the specifics of what changed for future reporting.

Report on Change Determination

Follow these steps to produce regular change determination reports:

1. First, insure the devices you want to scan are discovered, and send change notifications to the application server.

Check your vendor’s manuals to determine how to forward configuration change information to Open Manage Network Manager for your system.

2. When Open Manage Network Manager receives a configuration change notification, the device transmits an event to the Open Manage Network Manager mediation server. When received, this event automatically generates an event called Open Manage Network ManagerEquipmentConfigChangeNotification. Event history displays that notification.

3. When Open Manage Network Manager receives the Open Manage Network ManagerEquipmentConfigChangeNotification event, it can initiate (if enabled) an event processing rule called Configuration Change.

This processing rule triggers a flag in the Open Manage Network Manager database saying a change has occurred in the device’s configuration and that Open Manage Network Manager should run change determination against the device when requested.

4. When you run Open Manage Network Manager’s change determination process, it reviews the flag setting in the database and backs up a managed device if the flag indicates a change. This backup updates the Open Manage Network Manager system label Current which is then compared to the Open Manage Network Manager system Change Determination label. Open Manage Network Manager then writes the differences between the two labelled configurations to its database, where it is available for reporting purposes.

5. Once this occurs, the Change Determination label moves to point to the same configuration which is reflected by the Current label.

6. The report which can run to display these changes is Open Manage Network Manager’s Configuration Change Report. It displays the name of the device in question, the IP address, date/time of change, who made the change, what was removed and what was added. You can schedule this report to run immediately after an Change Determination process too, so you can capture a history of changes.