Auditing the CMDB
The “Audit” is an iTop feature designed to check the consistency of information stored in the iTop database. Using the audit, you can answer questions like: “Do we have an active support contract defined for any device in production?” or “Do we know the localization of all the servers for on-site support?”
The verifications are named audit rules.
Audit rules are grouped into audit
categories. A category defines the list of objects (the
scope) that must be compliant with the rules. This scope is defined
using an OQL query, so that the actual scope will be computed
dynamically. Example: all devices that are in production ⇒
SELECT Device WHERE status = 'production'.
An audit rule defines the actual constraint that needs to be checked. For instance “Devices being attached to an active support contract.”. It is also defined by an OQL query.
To add or modify an audit category or an audit rule, click on “Audit Categories” in the “Admin tools” module.
Understanding the Audit Report
The audit is run interactively by clicking the “Audit” link in the “Data administration” menu.
The audit report list all the categories to be audited. For each category the header line contains:
The number of objects in this category
The number of objects with at least one error (as reported by the category's rules)
The percentage of objects without error in this category
The for each rule, an additional line indicates:
the number of objects in error for this rule. Clicking on the number displays the list of objects in error
the percentage of objects without error for this rule
Managing Audit Categories
Available under the
An audit category is defined by a name, a description and a definition set. The definition set defines the scope of objects that will be subject to the related audit rules. It is an OQL query.
To create or remove audit rules for a given category, use the button “Create a new Audit Rule” or “Delete” from the “Audit Rules” tab on the Audit Category
An audit rule, for which the query reports the valid objects, is
less efficient in terms of performance, than the one directly
reporting the faulty ones. But before iTop 2.7, so before the
SELECT … WHERE id (NOT) IN (SELECT…) there
was sometime no other choices:
Managing Audit Rules
An audit rule is defined by a name, a description, the query to check and a Valid Object flag.
The query defines the list of objects (under the scope defined by the category) that pass/fail the audit.
Since it is sometimes easier to list the objects that pass the
audit than the objects that fail, the flag
? is used to indicate whether the query returns the “valid”
objects or the “invalid” ones.
If you set
Valid Objects ? to
objects returned by the rules will appear as red (means unvalid
objects), if you set it to
true, objects returned by
the rules will not appear.
Note that a rule is always linked to only one category; and this category determines the scope of the rule.
Audit Rules Sample
Teams without any member
SELECT Team AS t JOIN lnkPersonToTeam AS l1 ON l1.team_id=t.id WHERE l1.person_id != 0
This query returns Teams with at least one member so you have to
Valid Objects? to
Persons with notification equal to "yes" and no "email adress"
SELECT Person WHERE notify = 'yes' AND email = ""
This query returns Persons with notification equal to “yes” and
no “email adress” so you have to set
Valid Objects? to