Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Change Auditor 7.1.1 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Introduction

In addition to the overview information provided in the Top Agent Activity pane and Agent Status pane on the Overview page, you have two additional means of obtaining agent status and statistics:
The Agent Statistics page provides a global view of all installed (and if selected, uninstalled) Change Auditor agents, including the current status and other usage statistics for each agent.
The Change Auditor Agent Status dialog, which is accessed using the Change Auditor agent system tray icon, provides the status and usage statistics for a single agent.

You can also view or retrieve agent trace logs from the Agent Statistics page or by using the agent system tray icon.

Agent Statistics page

Use the View | Statistics | Agent menu command (or Ctrl+F11) to display the Agent Statistics page, which provides a global view of all installed agents. This page contains the following components:
Agent Statistics grid, located at the top of the page, consists of a list of agents and their current status and usage statistics.
Resource Properties pane, located across the bottom of the page, displays additional information about the selected agent.

Agent Statistics grid

* 
NOTE: When agents are connected or disconnected, an Agent Status message will be displayed in the lower right corner of your screen. You can use the View Agent Statistics link in this message box to display the Agent Statistics page.

 

The Agent Statistics grid may contain the following information for each agent. The default column identifies the fields that are displayed by default. To display different fields, click the Field Chooser button located to the far left of the column headings and select the columns to be displayed:

 
* 
NOTE: All dates and times are based on the client’s current local date and time. The format used to display the date and time is determined by the local computer’s regional and language setting.
 
Table 1. Agent Statistics page: Field descriptions
Column
Default
Description

Active Directory

No

Indicates whether custom Active Directory auditing or protection has been defined.

ADAM

No

Indicates whether custom ADAM (AD LDS) auditing or protection has been defined.

Agent

Yes

Displays the NetBIOS name of the server that hosts a Change Auditor agent.

Agent FQDN

No

Displays the fully qualified domain name of the agent.

Architecture

No

Displays whether the agent is installed in a 32-bit (x86) or 64-bit (x64) environment.

Configuration

No

Displays the agent configuration assigned to the agent.

Coordinator

No

Displays the computer name of the Change Auditor coordinator(s) to which the agent is connected.

DB Size

Yes

Displays the size of the agent database.

Domain

Yes

Displays the name of the domain where the agent is located.

EMC

No

Indicates whether the agent is assigned to an EMC Auditing template to capture EMC events.

Events Last 24 Hours

No

Displays the number of events encountered on the agent during the past 24 hours from when the dialog is initially opened during the current client session.

The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 24 hours.

Events Last Hour

No

Displays the number of events encountered on the agent in the last 60 minutes from when the dialog is initially opened during the current client session.

The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 60 minutes.

Events Today

Yes

Displays the number of events encountered on the agent since 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display the events generated today.

Events Total

Yes

Displays the number of events encountered since the agent was started.

The value in this field is a hypertext link and when selected launches a quick search to display all events encountered since the agent was started.

Events Yesterday

No

Displays the number of events encountered between 12:00 a.m. yesterday and 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display the events generated yesterday.

Exchange

No

For agents hosting Exchange, this column indicates whether Exchange Mailbox auditing or Exchange Mailbox protection has been defined.

Exchange Server

No

Indicates whether the server is an Exchange Server.

Exclude Account

No

Indicates whether an Excluded Accounts Auditing template has been assigned to the agent’s configuration.

File System

No

Indicates whether a File System Auditing template or File System Protection template has been assigned to the agent’s configuration.

Forest

No

Displays the name of the forest where the agent resides.

Group Policy

No

Indicates whether Group Policy protection has been defined.

IP Address

No

Displays the IP address of the agent.

Last Update

Yes

Displays the date and time when the agent configuration was last updated.

Load

Yes

Displays the load status of the agent service in regards to processing events. Valid entries are:
Normal - agent service is running and processing events as expected
Medium - agent service has more than 100 events waiting
Critical - agent service has reached a critical load and events may be missed
Unknown - agent service is inactive; therefore, the load is unknown

NetApp

No

Indicates whether an agent is assigned to a NetApp Auditing template to capture NetApp filer events.

Registry

No

Indicates whether a Registry Auditing template has been assigned to the agent’s configuration.

Service

No

Displays whether a Service Auditing template has been assigned to the agent’s configuration.

SharePoint

No

Indicates whether an agent is assigned to a SharePoint Auditing template to capture SharePoint events.

SQL

No

Indicates whether a SQL Auditing template has been assigned to the agent’s configuration.

Startup Time

No

Displays the date and time when the agent was last initialized.

Status

Yes

Displays the current status of the agent:

active
inactive
uninstalled

Type

No

Displays the agent platform:

Domain Controller
Global Catalog
Server
Workstation

Uptime

Yes

Displays how long the agent has been running.

Version

No

Displays the version number of the agent currently deployed.

VMware

No

Indicates whether an agent is assigned to a VMware Auditing template to capture VMware events.

Workstation

No

Indicates whether this is a workstation agent.

In addition to selecting the fields to display, you can use the drop-down controls to define what servers/workstations are to be included on the Agent Statistics page.

The following table describes how to use these controls to filter the content displayed on the Agent Statistics page.

 
Table 2. Agent Statistics page: Filter controls
Control
Description

Type

Use the left-most control to specify the type of objects to be included in the display:
All - select to view all agented servers and workstations (default)
DCs - select to view agented domain controller servers
Servers - select to view agented servers regardless of domain membership
Workstations - select to view agented workstations (including workstations joined to the domain and workstation agents manually installed on non-Active Directory computers)

Active Directory view

By default, the Agent Statistics page provides a forest view of the servers found. However, you can use the right-most controls to limit your view to an individual domain or site.

Use the middle control to select the Active Directory view (forest, domain or site) then use the right-most control to select an individual forest, domain or site for which servers are to be displayed.

Resource Properties pane

The Resource Properties pane located across the bottom of the Agent Statistics page contains additional information about the agent selected in the Agent Statistics grid.

To display the Resource Properties pane:
1
To display this pane, select an agent from the Agent Statistics grid and click Show Properties.
2
Use the hide button in the upper right-hand corner of the Resource Properties pane to hide this pane.
* 
NOTE: The Resource Properties pane also appears when you select Related Search | View Resources on an Event Details pane. When accessed using the Event Details pane, the additional information is for the server referenced in the selected event.

The Resource Properties pane is divided into the following tabbed pages:
Machine Info page
Processors page
Drives page
Shares page
Services page
Exchange Mailboxes page
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation