Chat now with support
Chat with Support

Change Auditor 7.3 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

Enable event logging

Using the Agent Configuration page you can also enable the event logging feature which writes Change Auditor events locally to a Windows event log. These event logs can then be collected using InTrust to satisfy long-term storage requirements.

2
From the left pane, select Agent (under the Configuration task list) to display the Agent Configuration page.
3
Click Event Logging.
5
Click OK to save your selection and close the dialog.

Coordinator Configuration page

The Coordinator Configuration page is displayed when Coordinator is selected from the Configuration task list in the navigation pane of the Administration Tasks page.

This page consists of the following panes:

SMTP Configuration - for enabling and configuring email alerting and reporting.
Group Membership Expansion - for defining the schedule for expanding nested membership of Active Directory groups that are referenced in searches (Who search criteria) or groups that are defined in the Member of Group auditing feature.
Agent Heartbeat Check - for specifying how long the coordinator service is to wait before an agent that is not sending updates will be marked as ‘inactive’. By default, the agent will be marked inactive after 30 minutes and the coordinator service will not attempt to restart the agent service.

Apply Changes

Use to save your coordinator configuration settings.

Test SMTP

Use to generate a test email based on the configuration information entered in the SMTP Configuration pane.

Test SNMP

Use to generate a test SNMP trap based on the configuration information entered in the SMTP Configuration pane.

To dispatch configuration change alerts or reports through email (SMTP), you must enable email notification on the Coordinator Configuration page.

For alerts, you can override the reply to, alert subject, signature and body content for individual search queries using the settings on the Alert tab (Search Properties tabs).

For reports, you can override the reply to address for individual search queries using the Report tab (Search Properties tabs).

2
Click Configuration.
3
Select Coordinator in the Configuration task list to open the Coordinator Configuration page.
4
On the SMTP Configuration pane, select the Enable SMTP for Alerts option to enable email alert notifications and reporting. Checking this option activates the remaining fields on this page to define the mail server to be used.
NOTE: Use the browse button to the right of the From Address field to launch the Select Exchange Users dialog.

On the Active Directory tab, use the Browse or Search page to locate and select an Active Directory user

If the Exchange Host information is entered at the bottom of the SMTP Configuration pane, an Exchange tab is added to this dialog. On this tab, enter a string at least three characters long in the Find field and click Search to lookup and select an Exchange user.

NOTE: Use the button to the right of the Reply To field to launch the Select Exchange Users dialog.

On the Active Directory tab, use the Browse or Search page to locate and select an Active Directory user.

If the Exchange Host information is entered at the bottom of the SMTP Configuration pane, an Exchange tab is added to this dialog. On this tab, enter a string at least three characters long in the Find field and click Search to lookup and select an Exchange user.

NOTE: Use the button to the right of the Alert Subject field to insert a variable into the subject line or to reset it back to the default content.
6
Optionally, click Configure Body to open the Alert Body Configuration dialog where you can define the content of the main body, the event details and the signature to be included in your alert emails. After configuring the alert body, click OK to return to the Coordinator Configuration page.
NOTE: The Alert Body Configuration settings do not apply to email reports. To define the content (columns) to be included in a report, use the Layout tab. In addition, you can use the Report Layouts page (Administration Tasks page) to create customized report layout template(s) defining the header and footer information to be used in your reports.
7
If the specified mail server requires authentication, select the My Server Requires Authentication check box and enter the account credentials to be used.
NOTE: Use the button to the right of the Account Name field to launch the Select User dialog (Directory object picker). From this dialog, use the Browse or Search page to locate and select a user.
Exchange Host - Enter the internet host name of your Exchange mail server. Use the field to the far right of the Exchange Host field to specify the Exchange version for your Exchange host.
Email - Enter your full email address.
My Host Requires Authentication - Select this check box if the Exchange host requires authentication and enter the Account Name and Password used to log into your email account.
NOTE: Use the button to the right of the Account Name field to launch the Select User dialog (Directory object picker). From this dialog, use the Browse or Search page to locate and select a user.
9
Click Test SMTP to test the mail server configuration.
10
Once the mail server configuration is verified, click Apply Changes to save the configuration.

Now that SMTP alerting/reporting is enabled and configured, you can enable email alert notifications for individual search definitions using the Alert tab (Search Properties tabs) and/or reporting for individual search definitions using the Report tab (Search Properties tabs).

In addition to the customizable fields (Reply To, Alert Subject and Signature) on the Coordinator Configuration dialog, you can use the Configure Body button to define the content to be used in the main body of your alert emails as well as the event details to be included.

NOTE: The Alert Body Configuration settings do not apply to email reports. To define the content (columns) to be included in a report, use the Layout tab. In addition, you can use the Report Layouts page (Administration Tasks page) to create customized report layout templates defining the header and footer information to be used in your reports.
1
Click Configure Body to display the Alert Body Configuration dialog.
2
On the Alert Body Configuration dialog, select the appropriate option (at the bottom of the dialog) to edit either the Plain Text (default) or the HTML representation of the alert emails. Use the tabbed pages to define the content of alert emails as described below.

Preview

View a sample email

2
Open the Preview tab to view a sample email using your defined format and content.

Main Body

Enter the text to be included and define overall layout of the alert body

Rearrange the entries, remove entries, modify/add text, or add variables.

1
Select the Show Variables check box to display the variables that can be added to the main body of your email.

Event Details

Specify the event details to be included

Rearrange the entries, remove entries, modify/add text, or add variables.

1
Select the Show Variables check box to display a list of the variables that can be added to the event details of your alert email.

Signature

Define the content of the signature line to be used in alert emails

Enter the text to be used in the signature line of alert emails.

3
Once defined, click OK to save your settings and close the Alert Body Configuration dialog.
NOTE: Click the Restore to Default button to revert back to the default email content and format.

By default, the Expand groups that are referenced in existing queries and selected groups option is selected on the group Membership Expansion pane of the Coordinator Configuration page. With the option selected, you can add groups to the Group Membership Expansion list as described below:

1
Click Add to display the Add Groups dialog.
4
Back on the Coordinator Configuration page, click Apply Changes to apply your changes regarding group membership expansion.

Enabling this option will disconnect clients from the coordinator after 30 minutes of inactivity. If this is not selected, the option to disconnect after 30 minutes of inactivity can be selected by users when they log on to the client.

Purge and archive jobs

Change Auditor provides several options that allow you to schedule both the purging of events from your database and archiving older data to an archive database. Automating database cleanup allows you to keep critical and relevant data online and current while eliminating or archiving events that are no longer required. This not only prevents your database from growing in size, but it increases overall operational efficiency by speeding up searches and data retrieval from the database.

Using the purge options, you can define and schedule jobs that will eliminate events from the database based on the following criteria:

select to create a yearly archive database for older events that are no longer required to be represented in your reports.

You will also see information regarding the status of reach job including:

Immediately continuing job: Displays when the purge portion of a ‘purge and archive’ job continues.
Archive database not found. Recreating archive database: Displays if an archive database has been moved or deleted.
Starting job: Displays when the purge, archive, or purge and archive job is beginning.
Successfully finished job: Displays when the purge and archive, purge, or archive job is finished.
New archive database created: Displays when the new archive database has been created for the calendar year.
Events archived: Displays the progression of the number of events being archived.
Total events archived: Displays the total number of archived events when archiving is finished.
Continue purge job: Displays when re-queued purge jobs run again.

Planning your jobs

Planning your jobs before scheduling them will help ensure they run as expected. Keep in mind, all jobs can take a significant time to run depending on the amount of data in your environment.

When scheduling your jobs, consider the following:

When multiple jobs types are scheduled to run close together the following behavior will occur:

Because of this the “purge” jobs may not complete before the “archive” or “purge and archive” jobs run if you do not plan properly.

During a purge and/or archive job, consider the following:

After the purge and/or archive job completes, consider the following:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating