Audits

SECURITY  Refer to Global > Audit in Permissions.

SECURITY  Refer to Sites > Audit in Permissions.

NAVIGATION  Devices > All > select one or more devices (check boxes) > click the Row Actions icon > Request Audit

NAVIGATION  Device summary page > click the More icon > Request Audit. To view the various navigation paths you can use to access the device summary page, refer to Device summary.

NAVIGATION  Sites > All Sites > click the name of a site > select one or more devices (check boxes) > click the Row Actions icon > Request Audit

NAVIGATION  A targeted list of devices > select one or more devices (check boxes) > click the Row Actions icon > Request Audit. To view the navigation paths for the various targeted lists of devices, refer to Targeted lists of devices in Devices.

About audits

An audit is an inventory of the hardware and software installed on a device as logged by the Datto RMM Agent. As consecutive audits are performed, changes to the hardware and software are tracked in a change log. The data is stored on the device and added to the device record.

Refer to the following topics:

A full audit is a complete inventory audit of a device taken at the time the Agent is installed, or when a network device is assigned a Network Node. A full audit of a device can also be initiated manually at any time.

A delta audit is a list of the changes to the audit information on the device since the last audit. Delta audits are performed automatically on a regular schedule but they can also be initiated manually.

Refer to Request Audit in Devices and Request Audit in Device summary.

IMPORTANT  Device audits are rate limited. Only three audits may be performed per device over a five-minute time frame. This rate limiting applies to both full and delta audits.

Agent Type / Device Type Full Audits Delta Audits
Managed devices • Right after Agent installation
• Manually when a single device is selected. Refer to Request Audit in Devices and Request Audit in Device summary.		 • Every 24 hours
• Upon successful completion of a job
• After all patches of a patch policy have been applied (or the patch window has expired). If the policy does not require the device to reboot or shut down, the device will audit immediately. If a reboot is required, the audit will run after the reboot.
• Manually when multiple devices are selected. Refer to Request Audit in Devices and Request Audit in Device summary.
Network devices (including printers and ESXi hosts) • When a device is assigned a Network Node
• When the device's device type is updated
• Manually
• Every 24 hours		 N/A
OnDemand devices • Right after Agent installation, and then once every seven days
• When the OnDemand Agent has been activated by the end user		 N/A

NOTE  If a Network Node is assigned to a device that has an Agent installed, the Network Node will not audit the device, just perform monitoring against it.

Following a device audit, a patch scan is triggered by the following events:

  • Patch Management policy has run
  • Initial full audit (right after Agent installation)
  • Regular audit every 24 hours
  • Manual audit (when a single device or multiple devices are selected)

Note that a patch scan is not triggered by the following:

  • Quick jobs
  • Scheduled jobs
  • Alert response components
  • User tasks

For more information about the patch scan process, refer to Determining a device's patch status.

The Datto RMM Agent Service (CagService) logs audit messages in the Agent log files in the form of Audit reason: REASON (for example, Audit reason: REQUESTED_BY_PLATFORM). For information about the location of the log files, refer to Location of the log files in Agent log files.

The audit reasons the Datto RMM Agent sends to the platform are the following:

  • REQUESTED_BY_PLATFORM
  • SET_AS_NETWORK_NODE
  • AFTER_REBOOT
  • WMI_REPOSITORY_RESET
  • INTERVAL
  • AES_IN_PROTECTION_STATE
  • PATCH_POLICY_AUDIT_ONLY
  • AFTER_INSTALLING_PATCHES
  • AFTER_AUTOMATIC_JOBS
  • AFTER_JOB