Configuration rules

Some rules are simple to configure and define: you only select the server objects that you want to snapshot or audit. Some rules might check whether a value or property exists in a configuration file on a server, without requiring any advanced parameters.

Example: The Discovered Software rule checks for all registered and unregistered software that is installed or deployed on target servers.

Example: The Hardware rule allows you to check the CPU, memory, or storage values that exist on target servers. In this case, no extra rule parameters are necessary.

Other rules are more complex and require more advanced configuration, such as specifying an expression that looks for a range of values and specifies remediation that replaces undesired values.

In audits and audit policies, you can also define what remediation value, if any, you would like the object to have. Remediation values are used only if a server object is found to be different from the desired state, that is, where the configuration on the target server is out of compliance with the rules of the audit. Remediation values are implemented manually, after the audit has been run, from the Audit Result window.

An audit rule consists of the following components:

  • Server Object: This is a specific server configuration that an audit can evaluate, such as a server’s file system, application configuration values, hardware information, installed software (patches and packages), Windows Registry entries, and so on. A server object typically consists of several other objects that you can check as well.

    For example, on a Windows server you might want to know whether a specific Windows service exists on target servers and whether it is enabled.
  • Target Value: This is a value or setting you want to check for on the target server.

    For example, you might want to determine whether a specific directory exists on a server, an application is configured properly, a particular service is enabled, and so on.
  • Remediation Value: This is the value that you want to set on the server object during remediation, if the target value is not found on the target server. The remediation value is not automatically implemented. You must make the remediation change after the audit has run.

The following figure illustrates an audit rule defined for an ESXi Server.

In this figure, the audit rule has been configured in the following manner:

  • Linked Audit Policy: Lists the audit policy.
  • Rules Details
    • Check - Target Value: This is the desired value compared against the value on the target of the audit.
  • Remediation: The remediation value determines the action to take if the value on the target server does not match the value you defined in the audit (target value).
    • Remediation Value: Additional arguments.
    • Remediation Description: Description.
  • Technical Description: Describes the value that is being checked on the target server.
  • This information instructs the audit to evaluate the target server’s Application Event Log file size and determine whether it exceeds 16MB.
  • Properties: Details of the Test ID, External ID, Severity Level, and list of Platforms.
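
The three rule components described above (server object, target value, remediation value) and the manual remediation step can be modeled in a few lines. This is an added illustration, not the product's code or API. The server names, the object key `eventlog.application.max_size`, and the choice that "does not exceed 16 MB" is the compliant state are assumptions made for the example.

```python
"""Illustrative model of an audit rule; not the product's API."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass
class AuditRule:
    server_object: str              # configuration item to evaluate (hypothetical key)
    check: Callable[[Any], bool]    # target value, expressed as a predicate/expression
    remediation_value: Any = None   # optional; never applied by the audit itself


@dataclass
class Finding:
    server: str
    rule: AuditRule
    actual: Any
    compliant: bool


def run_audit(rules, servers):
    """Compare each server's state to every rule. Read-only: nothing is changed."""
    findings = []
    for name, state in servers.items():
        for rule in rules:
            actual = state.get(rule.server_object)  # None if the object is absent
            ok = actual is not None and rule.check(actual)
            findings.append(Finding(name, rule, actual, ok))
    return findings


def remediate(finding, servers):
    """Manual step: the operator applies one finding's remediation after the audit."""
    if finding.compliant or finding.rule.remediation_value is None:
        return False
    servers[finding.server][finding.rule.server_object] = finding.rule.remediation_value
    return True


# Constructed sample data (hypothetical servers and values).
MB = 1024 * 1024
SERVERS = {
    "win-app-01": {"eventlog.application.max_size": 32 * MB},
    "win-app-02": {"eventlog.application.max_size": 16 * MB},
    "win-app-03": {},  # object missing on the server
}
# Assumption for this example: compliant means the size does not exceed 16 MB.
RULES = [AuditRule("eventlog.application.max_size", lambda v: v <= 16 * MB, 16 * MB)]

if __name__ == "__main__":
    for f in run_audit(RULES, SERVERS):
        print(f.server, "compliant" if f.compliant else "OUT OF COMPLIANCE", f.actual)
```

Running the audit leaves `SERVERS` untouched; a value changes only when `remediate` is called on a specific out-of-compliance finding.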