Audit services
The Audit services section in the Admin Center lets you monitor and manage all hosts with deployed audit services in your organization and download the Audit Service Tools package to deploy the service on new hosts.
The page displays a list of hosts with installed services. Click a host to open its properties, where you can view the details, manage associated credentials, see active tasks, configure the service, download debug logs, and perform other actions.
Selecting a host opens a sliding panel with these tabs: General, Credentials, and Tasks. The Configuration button in the upper-right corner provides access to the configuration settings.
Configuration
Click Configuration in the upper-right corner to open the configuration settings pane for this host. Here, you can adjust how the service records diagnostic logs and discovers devices.
Logging and diagnostics
The Log level setting controls the amount of diagnostic detail the audit service records. Available log levels:
- Debug: Full diagnostic output
- Info: General operational messages (default)
- Warning: Non-critical issues
- Error: Errors affecting service functionality
- Error Critical: Only critical failures
When Debug is selected, the audit service automatically collects debug-level logs and uploads them to AlloyScan. The Download logs button then appears next to the Configuration button, allowing you to download the most recent debug log archive. Only the latest archive is kept by default (covering up to the last 24 hours).
Log entries generated at levels below Debug are stored locally on the host. These local logs are not uploaded to AlloyScan but can be viewed directly on the host, for example, by clicking the audit service icon in the system tray and selecting the option to open or view logs.
Setting up discovery and connection settings
These settings control how the audit service discovers devices when scanning Domain and Address list segments.
- Quick scan using ping only (skip other methods): Controls whether the audit service relies only on ping results during discovery.
  - When enabled, the audit service discovers only computers and devices that respond to ping requests. It does not attempt any additional discovery methods for devices that do not respond to ping. This mode is faster and is recommended for large environments where scan speed is a priority.
  - When disabled, the audit service still discovers all computers and devices that respond to ping. If a device does not respond to ping, the audit service attempts additional discovery methods to detect offline or unreachable nodes.
  IMPORTANT: Disabling Quick scan using ping only (skip other methods) provides more complete discovery results but can significantly increase scan time.
  NOTE: Both scan modes start with a ping, so a non-zero Connection timeout (in ms) value is required.
- Connection timeout (in ms): Specifies how long the service waits for a response when contacting a device before treating it as unreachable.
If an audit service is no longer needed, administrators can schedule it for deletion by clicking Schedule for deletion. Until the deletion occurs, the audit service remains visible in the list, allowing administrators to review or cancel the scheduled removal.
General tab
The General tab displays information about the computer hosting the audit service. This information helps identify the host and confirm communication status. The following fields are displayed:
- Client ID: Unique system identifier assigned to this audit service instance. Each audit service is registered using a unique identifier, ensuring consistency and preventing conflicts in AlloyScan.
- Host name: The name of the computer where the service is running.
- IP address: The current IP address of the host.
- Registration date: The date when the audit service was registered with AlloyScan.
- Last active: The most recent time the service connected to AlloyScan.
Credentials tab
The Credentials tab lists the credentials that the audit service uses to scan and audit the associated segments. These credentials are required to access devices and cloud resources and collect detailed information during the audit.
At the top of the tab, use the + buttons to add new credentials for different types of devices you want this service to audit.
The table below displays all credentials currently associated with the service, showing the following information:
- Title: The user-defined name identifying the credentials record
- Type: The type of credentials
- Has password: Indicates whether a password or secret was provided (shown by a lock icon)
For detailed information about setting up credentials, refer to Segment audit credentials.
Tasks tab
The Tasks tab shows the history of operations performed by the audit service on this host. Each row in the table represents a task instance. The table includes: the device on which the task was executed, the task type, the date it started, the defined scan scope, the user or system component that initiated it, the current status, and any error details if the task encountered issues. You may filter each column using the filter icon next to its name, or sort by start date to see the most recent work first.
At the top left of the page is the View selector. The default view can be modified, saved under the same name, or saved as a new named view if you want to preserve a personalized layout.
To download the currently displayed task list in a structured format, click the Export data button.
INFO: For instructions on how to customize data views, see Customizing data views.