Much of our workforce works remotely, and most of those employees, 700+ have Windows 10 Tablets. When our tablets connect to the Internet SALT communicates back to our datacenter. One of the things it does is update a custom field in Open-Audit with a last seen date/time. This happens every 10 minutes. As a result, the Edit logs for our end-user devices are filled with SALT last seen entries.
Is there a way to stop the custom field from generating an entry in the Edit log when it changes?
Is it an option to have SALT update the Last Seen and Last Seen by fields found on the Summary>Details section?
The short answer is no - changes are kept for audit purposes. I would definitely look at updating the last_seen attribute instead. That's what it is for I'd leave your custom field for last seen by though. This is deliberately set to one of a list of options (nmap, snmp, ssh, ssh_audit, wmi, wmi_audit, audit).
What is Salt sending back to the server - an audit result? If so, just remove the custom field from the audit and it should "just work" for last_seen. What is Salt using for Last Seen By?
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.