Managing Windows file system auditing is available through the following PowerShell commands:
Use this command to define a folder or file paths to audit.
Use this command to create a Windows file system auditing template.
Use this command to delete a Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. | |
The CAWindowsFSAuditTemplate object to remove. Obtain the template objects using the Get-CAWindowsFSAuditTemplates command and filter to select the object to remove. | |
Removes template without prompting for a confirmation. The default is false. |
Remove-CAWindowsFSAuditTemplate -Connection $connection -Template $removeTemplate
Use this command to edit an existing Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSAuditTemplates -Connection $connection
Use this command to get a list of all available Windows File System auditing event classes.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSEventClassInfo -Connection $connection
A connection obtained by using the Connect-CAClient command. | |
Use this command to specify a filter for the SQL Extended Events to audit when creating templates.
The available event and filter information obtained using the Get-CASQLExtendedEventsInfo command. | |
The operator to be used for comparison. See the output obtained from the Get-CASQLExtendedEventsInfo command for available operators for the specified filter field. | |
Use this command to specify the SQL Extended Events to audit.
The available event and filter information obtained using thee Get-CASQLExtendedEventsInfo command. | |
Use this command to create SQL Extended Events auditing templates.
A connection obtained by using the Connect-CAClient command. | |
The list of events to audit using New-CASQLExtendedEventsObject. | |
A list of event filters using New-CASQLExtendedEventsFilter. | |
An agent object obtained using the Get-CAAgents command. If not specified, it will expect an agent installed on the SQL server to be audited. The agent is used for SQL Extended Events session management and event auditing. |
Use this command to see all the SQL Extended Events templates that have been created.
A connection obtained by using the Connect-CAClient command. |
Get-CASqlExtendedEventsTemplates -Connection $connection
Get-CASqlExtendedEventsTemplates -Connection $connection | Filter.Where(_$.name = "MyTemplate")
Use this command to delete a specified SQL Extended Events template.
The template object obtained using Get-CASQLExtendedEventsTemplates. |
Remove-CASQLExtendedEventsTemplate -Connection $connection -Template $template
The following commands are available to manage Fluid File System auditing:
Use this command to see a list of all Fluid File Service clusters available to audit.
A connection obtained by using the Connect-CAClient command. |
Get-CAFluidFSClusters -Connection $connection
A connection obtained by using the Connect-CAClient command. | |
Use this command to get a list of all available FluidFS event classes.
A connection obtained by using the Connect-CAClient command. |
Get-CAFluidFSEventClassInfo -Connection $connection
Use this command to see all the Fluid File System templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
Example: Get a list of all FluidFS templates
Get-CAFluidFSTemplates -Connection $connection
Use this command to get a list of all volumes on a specified cluster.
A connection obtained by using the Connect-CAClient command. | |
The name of the cluster from which to retrieve volume names. | |
Example: See a list of all available volumes on a cluster
Use this command to define which volumes to audit.
Use this command to create a Fluid File System auditing template.
Returns: A FluidFS template object.
A connection obtained by using the Connect-CAClient command. | |
The Change Auditor agents that are to receive the FluidFS events. | |
A connection obtained by using the Connect-CAClient command. | |
Clear-FluidFSTemplate -Connection $connection -Template $template
Use this command to edit an existing Fluid File System template.
NOTE: You can also use the Enable-CAAgentTemplate and Disable-CAAgentTemplate to enable or disable the template. |
A connection obtained by using the Connect-CAClient command. | |
The Change Auditor agents that are to receive the FluidFS events. | |
A connection obtained by using the Connect-CAClient command. | |
The service account credentials for the cluster to use when encrypting events. |
NOTE: When you delete a template (see Remove-CAAgentTemplate), the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal. If you do not have the portal, see https://technet.microsoft.com/en-us/library/dn832618.aspx for instructions. |
Use this command to create a template for auditing Azure Active Directory.
$connection = Connect-CAClient –InstallationName ‘Default'
The following permissions must be assigned to the Azure web application:
Once the required permissions are applied, click Grant admin consent for… and confirm with Yes.
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
Specifies whether auditing is enabled or disabled for Azure Active Directory. |
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
A template object obtained by the Get-CAAzureADTemplates command. | |||
Specifies that you want to create a new Azure web application. The Azure Active Directory sign-in page opens automatically.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
| |||
Set-CAAzureADTemplate -Connection $connection -Template $template -SignIns $True
-AuditLogs $True
Use this command to see all the Azure Active Directory templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center