Chat now with support
Chat mit Support

Change Auditor 7.4 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Search Properties tabs

From a Search Results page, use the Search Properties tool bar button to display the Search Properties tabs across the bottom of the screen. This view consists of tabbed pages defining the criteria or properties which make up the selected search.

For a detailed description of the Info, Who, What, Where, Origin and Layout tabs and how to use them to create a custom search, refer to Custom Searches and Search Properties. For more information about the Alert tab, see Enable Alert Notifications and the Report tab, see Generate and Schedule Reports.

Event Details pane

Use the Event Details button on a Search Results page, Overview page, or Alert History page to display the Event Details pane. You can also double-click an event in the search results grid to display the Event Details pane for the selected event.

The following details about the selected event selected are available:

Severity

The severity level assigned to the search is displayed in the upper left-hand corner.

Who

This field specifies the name of the user who initiated the change. If available, the display name of the user account is also displayed in parenthesis.

When

This field specifies the date and time when the change occurred.

Where

This field displays the name of the server where the change occurred.

Source

This field displays the source of the event:

NOTE: If the Source field displays ‘ActiveRoles’ (instead of ‘ActiveRoles Server’) you are not using the latest integration scripts. If you want to take advantage of the additional events and initiator account information captured using the new integration scripts, ensure you are running Active Roles 6.9 (or higher) with Change Auditor for Active Directory 6.5 (or higher).

Origin

This field displays the NetBIOS name and IP address of the workstation or server from which the event was generated.

What

Displays a brief description of the change that occurred. There are three basic types of events generated that determine the ‘what’ information that will be displayed:

Depending on the type of event, additional details may be displayed at the bottom of this pane.

Result

Indicates whether the operation mentioned in the event was successfully completed. Valid states are:

Subsystem

The first field defines the subsystem, or area of monitoring, where the change event occurred (for example, Active Directory, Service, or Group Policy).

Action

This field defines the action associated with the selected event.

Facility

This field defines the event class facility to which the change event belongs.

Class

For Active Directory and Exchange events, this field displays the object class that was modified, such as user, group, computer, nTDSConnection, CrossRefContainer.

Attribute

If an attribute has been added, deleted or modified, this field displays the name of the attribute.

Type

For Active Directory events associated with groups, this field displays the type of group that was modified (for example, Global (Security), Domain Local (Security)).

For AD Query events, this field displays the type of query:

Object

For Active Directory and Exchange events, this field displays the name of the object that was modified.

Authentication

Indicates whether the LDAP operation is secured using the SSL (Secure Socket Layer)/ TLS (Transport Layer Security) technology, simple bind authentication, or signed using Kerberos-based encryption.

Port

For Active Directory, AD Query, and Exchange events, this field indicates the port used for authentication.

Scope

For AD Query events, this field displays the scope of coverage:

Results

For AD Query events, this field displays the number of results returned as a result of the query.

Occurrences

For AD Query events, this field displays the number of times the AD query occurred during the specified interval.

Since

For AD Query events, this field displays the date and time when the AD query was first initiated.

Elapsed

For AD Query events, this field displays how long the AD query took to run. Zero (0) indicates that it took less than a millisecond to complete.

Filter

For AD Query events, this text box displays the filter string used in the AD query.

Attributes

For AD Query events, this text box displays the attributes that were queried.

Path

For File System events (including EMC and NetApp), this field displays the full path of the file or folder where the modification occurred.

Process

For File System events, this field is populated with the full path of the application responsible for the file change.

Service

For Service events, this field displays the name of the services that were modified.

Key

For Registry events, this field displays the name of the registry key that was modified.

Value

For Registry events, this field displays the registry value that was modified.

Policy

For Group Policy events, this field displays the name of the group policy that was modified.

Section

For Group Policy events, this field displays what section of the group policy was modified.

Item

For Group Policy events, this field displays the group policy item that was modified.

Account

For Local Account events, this field displays the local account that was modified.

From

This text box lists the old value that was assigned to the object.

To

This text box lists the new value that is now assigned to the object.

Farm

For SharePoint events, this field displays the name of the SharePoint farm to which the modified component belongs.

URL

For SharePoint events, this field displays the name of the SharePoint site to which the modified component belongs.

Target

For SharePoint events, this field displays the URL of the SharePoint item that was modified.

Mailbox

For Office 365 Exchange Online mailbox events, this field displays the account name of the online mailbox where the change occurred.

Folder

For Office 365 Exchange Online mailbox events, this field displays the folder name where the change occurred.

Cmdlet

For Office 365 Exchange Online administration events, this field displays the name of the administrative cmdlet what was run.

Object

For Office 365 Exchange Online administration events, this field displays the name of the object within the administrative cmdlet that was modified.

Logon Start

For Logon Session events, this attribute displays the date and time when the user initially logged onto the computer.

Logon End

For Logon Session events, if applicable this attribute displays the date and time when the user logged out of the computer.

Duration

For Logon Session events, depending on the event this attribute displays how long the user session lasted or how long the user was actually logged onto the computer.

Session Start

For Logon Session events, this attribute displays the date and time when the current user session began.

Session End

For Logon Session events, if applicable this attribute displays the date and time when the current user session ended.

View search results

4
Use the column controls to sort, rearrange, or group the data displayed. See Customize table content for more information on using the column controls to customize the content of this page.
5
Change Auditor also provides advanced filtering options that allow you to modify the results of a search without changing the original search. Click in the Click here to filter data cell to enter the criteria to be used to filter the data displayed. See Filter data for more information on using Change Auditor’s filtering feature.

Display results in different formats

When a grouping is created (for example, a single column heading is dragged up into the heading area to group the data), three icons are added to the heading area which can be used to display the data in a different format. The following icons/formats are available:

Data Grid: Select the data grid icon to redisplay the data in the grid format (default format).
Pie Chart: Select the pie chart icon to display a pie chart showing the correlated data. Move your cursor over the pieces in the pie chart to display the label and number of items that make up that piece of the pie.
Bar Graph: Select the bar graph icon to display a bar graph showing the correlated data. Move your cursor over the bars in the graph to display the label and number of items that make up that bar.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen