
Change Auditor 7.4 - User Guide


Search Results and Event Details

Introduction

Audit events are the changes captured by agents, reported to a coordinator, and then written to the database. These events can be retrieved and viewed through searches. When you run a search, Change Auditor searches the events in the database for the desired results. The results are then displayed in the Search Results page.

The terms ‘searches’ and ‘reports’ are used together: you run a ‘search’, and the results returned are a ‘report’.

Auditing and centralizing the collection of events is only one part of the total control and output required for enterprise security and compliance. It is equally important to be able to retrieve the real-time data and sort through it quickly and efficiently.

 

Search Results page

A new results page is created whenever a search is run. This page displays detailed information about the events found by the search and consists of the following panes:

Search Results grid

The Search Results grid displays the events captured as a result of running a search from the Searches page. The top area of the grid displays the following information:

Use the Refresh button to redisplay the latest information.
When a large number of records are being captured for display, the Refresh button will become a Cancel button allowing you to cancel the search.

By default, the grid contains the following information about the events returned when a search is run. (You can specify the columns, sort order and grouping for a search, as well as the display format by using the Layout search properties tab.)

Action

Displays what change was made to the object.

AD Failure Reason

Displays the reason for the Active Directory failed event.

AD Failure Status Code

Displays the failure code for the Active Directory failed event.

Coordinator ID

The coordinator that processed the event.

Domain

Displays the name of the domain to which the agented server belongs.

Event

Displays the type of change that occurred.

Facility

Defines the event class facility to which the change event belongs.

Result

Indicates whether the operation mentioned in the event was successfully completed. Valid states are:

Server

Displays the name of the server where the change occurred.

Severity

Displays the severity assigned to a configuration change event:

Site

Displays the name of the site where the agented server resides.

Subsystem

Defines the subsystem, or area of auditing, where the change event occurred.

Time Detected

Displays the date and time when the agent captured the event.

User

Displays the name of the user who initiated the change.
