Auditing the CMDB

The “Audit” is an iTop feature designed to check the consistency of information stored in the iTop database. Using the audit, you can answer questions like: “Do we have an active support contract defined for any device in production?” or “Do we know the localization of all the servers for on-site support?”

Example of a simple audit report

The verifications are named audit rules.

Audit rules are grouped into audit categories. A category defines the list of objects (the scope) that must be compliant with the rules. This scope is defined using an OQL query, so that the actual scope will be computed dynamically. Example: all devices that are in production ⇒ SELECT Device WHERE status = 'production'.

An audit rule defines the actual constraint that needs to be checked. For instance “Devices being attached to an active support contract.”. It is also defined by an OQL query.

To add or modify an audit category or an audit rule, click on “Audit Categories” in the “Admin tools” module.

Understanding the Audit Report

The audit is run interactively by clicking the “Audit” link in the “Data administration” menu.

Explanations of the Audi Report

The audit report list all the categories to be audited. For each category the header line contains:

  • The number of objects in this category
  • The number of objects with at least one error (as reported by the category's rules)
  • The percentage of objects without error in this category
  • The for each rule, an additional line indicates:
    • the number of objects in error for this rule. Clicking on the number displays the list of objects in error
    • the percentage of objects without error for this rule

Managing Audit Categories

Available under the Administration menu

Audit Category menu

An audit category is defined by a name, a description and a definition set. The definition set defines the scope of objects that will be subject to the related audit rules. It is an OQL query.

New Audit Category

To create or remove audit rules for a given category, use the button “Create a new Audit Rule” or “Delete” from the “Audit Rules” tab on the Audit Category

New Audit Rule reporting faulty objects

An audit rule, for which the query reports the valid objects, is less efficient in terms of performance, than the one directly reporting the faulty ones. But before iTop 2.7, so before the support of SELECT … WHERE id (NOT) IN (SELECT…) there was sometime no other choices:

New Audit Rule reporting valid objects

Managing Audit Rules

An audit rule is defined by a name, a description, the query to check and a Valid Object flag.

The query defines the list of objects (under the scope defined by the category) that pass/fail the audit.

Since it is sometimes easier to list the objects that pass the audit than the objects that fail, the flag Valid Objects ? is used to indicate whether the query returns the “valid” objects or the “invalid” ones.

If you set Valid Objects ? to false, objects returned by the rules will appear as red (means unvalid objects), if you set it to true, objects returned by the rules will not appear.

Note that a rule is always linked to only one category; and this category determines the scope of the rule.

Audit Rules Sample

Teams without any member
JOIN lnkPersonToTeam AS l1 ON 
WHERE l1.person_id != 0 

This query returns Teams with at least one member so you have to set Valid Objects? to false

Persons with notification equal to "yes" and no "email adress"
SELECT Person 
WHERE notify = 'yes' 
AND email = "" 

This query returns Persons with notification equal to “yes” and no “email adress” so you have to set Valid Objects? to true

latest/admin/audit.txt · Last modified: 2023/07/21 10:19 (external edit)
Back to top
Contact us