Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
As a CA Admin, I would like to see Internal Change Auditor events generated when a coordinator is unable to send events to a SIEM subscription. (4306981)
As a CA Admin, I would like to see Internal Change Auditor events generated when a coordinator is unable to send events to a SIEM subscription.
Description
ER: They are concerned with resiliency so when the Splunk event subscription didn't move over to another coordinator they either want a notification that it couldn't communicate to the Splunk server or try another Coordinator till it found one that could. They use the Splunk forwarder to trigger alerts in Splunk they do not use CA to generate the alerts. Create an ER to try another Coordinator if it cannot connect to the subscription or at least a notification after x amount of time say an hour or have it failover to another Coordinator.
Resolution
STATUS
Enhancement request number 347467 has been submitted to Development for consideration in a future release of Change Auditor.
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Recommended Content
Product(s):
Change Auditor
7.3, 7.2, 7.1.1
Topic(s):
Troubleshooting
Article History:
Created on: 2/23/2022 Last Update on: 10/3/2023
Thank you for your feedback for Topic Request
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Welcome to Quest Support
You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.
The Quest Software Portal no longer supports IE8, 9, & 10 and it is recommended to upgrade your browser to the latest version of Internet Explorer or Chrome.