Chat now with support
Chat mit Support

Change Auditor 7.4 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Where tab

The Where tab allows you to specify which agents to include (or exclude) in the search definition. You can select individual agents, all agents in a specific domain, or a given site. When multiple ‘where’ criteria is added to this tab, Change Auditor uses the ‘OR’ operator to evaluate change events, returning events captured by any of the specified agents, domains, or sites.

The Where tab contains the following information and controls:

Runtime Prompt

Select this check box to prompt for the ‘where’ criteria whenever the search is run. That is, when Run is selected, the Select Active Directory Objects dialog is displayed allowing you to locate and select the agents, domains, or sites to include in the search definition.

NOTE: When this check box is checked, Add is deactivated.

Exclude the Following Selection(s)

Select this check box to specify the agents, domains, or sites to exclude from the search. That is, Change Auditor is to return events generated from all agents except those listed in the Where list.

Where list

By default, all agents are included in a new search and therefore this list box is initially empty.

Once criteria is selected, this list box contains the agents, domains, sites, and server type (if specified) to include in the search (or exclude from the search if the Exclude the Following Selection(s) option is checked).

3
Click Add to add your selection to the selection list box at the bottom of the page.
NOTE: You can use Add With Events (instead of Add) to select an agent, domain, or site which already has an event associated with it in the database.
1
On the Where tab, expand Add and select Add Wildcard Expression.
For example, LIKE *local finds all agents with a NetBIOS name that ends in ‘local’.
3
After entering the wildcard expression to use, click OK to close the dialog and add the wildcard expression to the ‘where’ list.
1
On the Where tab, expand Add and select Add Server Types.
3
Click OK to close the dialog and add the server type to the ‘Where’ list.

When tab

The When tab allows you to limit the returned results of the search by date and time. By default, a new search is set to include the change events captured this week. The When tab contains the following information and controls:

Runtime Prompt

Select this check box to prompt for the date and time interval whenever the search is run. That is, when Run is selected, the When dialog is displayed allowing you to specify the date and time range to be used in your search.

NOTE: When this check box is checked, Add is deactivated.

Date Interval

Check one of the following options to change the default setting and define a different date range to limit your search.

From/To

Select this check box and enter the date range.

From: Enter the start date for your date range; or click the arrow control to display a calendar from which to select the start date. Only events that occurred on or after this date are included in the search.
To: Enter the end date for your date range; or click the arrow control to display a calendar from which to select the end date. Only events that occurred before or on this date are included in the search.

Last

Select this check box and the appropriate relative date and value (that is, number of minutes, hours, days, weeks, months, quarters, or years).

This

Select this check box and click the arrow control to select the appropriate date and time interval:

This Day: Start parameter is TODAY at midnight local time; end parameter is the current date and time.
This Week: Start parameter is midnight local time on the day specified in the First Day of Week parameter (Regional and Location setting) on the local machine (for example, SUNDAY); end parameter is the current date and time. (Default for new searches.)
This Month: Start parameter is the first day of the current month at midnight local time; end parameter is the current date and time.

Time Interval

Use this pane to specify a time range to further limit your search.

From

Use the arrow controls to select or enter the starting time for your time range. Only events that occurred at or after this time are included in the search.

To

Use the arrow controls to select or enter the ending time for your time range. Only events that occurred before or at this time are included in the search.

Reset

Use to clear the time interval settings.

From/To - select this option and enter the date range to use.
Last - select this option and the appropriate relative date and value (that is, number of minutes, hours, days, weeks, months, quarters, or years).
This - select this option and click the arrow control to select the appropriate time interval (that is, Day, Week, or Month).

Origin tab

The Origin tab allows you to search for events based on the workstation or server where the event originated. When multiple ‘origin’ criteria is specified on this tab, Change Auditor uses the ‘OR’ operator to evaluate change events, returning events that originated from any of the specified workstations or servers.

The Origin tab contains the following information and controls:

Runtime Prompt

Select this check box to prompt for the originating workstation or server whenever the search is run. That is, when Run is selected, the Add Origin dialog is displayed allowing you to enter the wildcard expression to locate a specific workstation or server.

NOTE: When this check box is checked, Add is deactivated.

Exclude the Following Selection(s)

Select this check box to specify the workstations or servers to exclude from the search. That is, Change Auditor will return events originating from all workstations and servers except those listed in the Origin list.

Origin list

By default, all events regardless of where they originated are included in a new search and therefore this list box is initially empty.

Once criteria is selected, this list box contains the wildcard expression used to locate the workstations and servers to include in the search (or excluded from the search if the Exclude the Following Selection(s) option is checked).

2
Click Add.
4
After entering the wildcard expression to use, click OK to close the dialog and add the wildcard expression to the ‘origin’ list.
NOTE: You can use Add with Events (instead of Add) to select a workstation or server that already has an event associated with it in the database. The workstations and servers available for selection are based on the ‘when’ clause (When tab) and the search limit (Info tab) specified for the current search.

Alert tab

The Alert tab allows you to enable alerting and define how and where to dispatch alerts. See Alert tab (Search Properties tabs) for a detailed description of the contents of this tab.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen