Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Change Auditor 7.4 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Services page

The Services page contains the following information about the services installed on the selected server.

Description

A comment that explains the purpose of the service.

DisplayName

The display name used by user interface programs to identify the service.

Name

The unique name assigned to the installed service.

PathName

The fully qualified path of the executable file for the service.

ProcessId

The process identifier of the service.

ServiceType

The type of service provided to calling processes:

StartMode

The start mode of a Windows base service:

StartName

The name of the account under which the service should run.

State

The current state of the service:

Exchange Mailboxes page

For Exchange Mailbox servers, the Exchange Mailboxes page displays a list of the Exchange mailbox databases on the selected server.

Agent system tray icon

An agent icon in the system tray allows you to enable, disable, or display the status of the agent installed on the current server.

Whenever an agent is not active, a status indicator will appear in the lower left corner of this icon to represent its current status:

You can load the agent system tray icon using one of the following methods:

Click Advanced Options on the Deployment page to launch the Advanced Deployment Options dialog. From this dialog, select the Yes option for the Launch ServiceStatusTray on startup setting.
NOTE: By default, the Do not change option is selected which indicates that you want to use the current setting for the agent system tray icon. That is, if you already have it set to launch on startup it will continue to operate that way. Similarly, it will not launch on startup if this is a clean install and you have not previously set it up to do so.

By right-clicking on the agent system tray icon, a context menu is displayed which consists of the following commands:

Agent Status

Displays the Change Auditor Agent Status dialog which assists you in determining if the agent is running, what version is installed, and how active the agent is. See Change Auditor Agent Status dialog for a full description of this status dialog.

Enable/Disable Agent

Starts or stops the agent service.

Find More Connections / Retry Connections

Looks for more coordinators in a forest than the agent automatically found.

When the agent is connected to a coordinator that is not currently running, use the Retry Connections command to reattempt to connect to a coordinator.

Refresh Configuration

Applies a new agent configuration to the selected agent.

Coordinator Credential Configurator

Use to enter the credentials of the agent that can be used to find and connect to a coordinator in an Active Directory forest.

View Agent Log

Opens the log viewer to review the events recorded in the Change Auditor agent log (ChangeAuditor.AgentLog.nptlog).

For example: %ProgramFiles%\Quest\ChangeAuditor\Agent\Logs\ChangeAuditor.AgentLog.nptlog

Load on startup

Automatically loads the system tray application when the agent service starts.

About

Displays information about the agent including the installed version number and licensing information.

Exit

Closes the system tray application.

Change Auditor Agent Status dialog

The Change Auditor Agent Status dialog helps you determine if the agent is running and what version is installed on the domain controller. The other status information in the dialog is broken down into the following sections:

Agent Information - displays the status, version number, the coordinator installation name to which the agent is connected, and the agent’s database size
Events - displays audit event activity
Coordinator Connection - displays information regarding the connection between the agent and the coordinators

This dialog contains the following status information:

Agent is

The current agent status:

Version

The current version of the agent installed on the server.

Installation Name

The installation name assigned to the coordinator to which the agent is connected.

DB Size (KB)

The size of the agent database, in kilobytes. This is dependent on the number of monitored Active Directory, registry and file system objects, and the number of events queued for transmission to the coordinator. If a coordinator is not available, this database may become large. When the events are successfully sent to a coordinator, the database space is re-used for subsequent events, but the displayed database size will not decrease.

License

The licenses that are applied. Use the arrow controls to scroll through the licenses.

Contains indicators of internal Change Auditor activity and may be used by Quest Support should they need to diagnose agent problems.

AD Events

If licensed (Change Auditor for Active Directory), this is the number of Active Directory related events processed by the agent. This field will be blank for agents running on member servers.

ADAM Events

If licensed (Change Auditor for Active Directory), this is the number of ADAM events processed by the agent.

Exchange Events

If licensed (Change Auditor for Exchange) and configured, this is the number of Exchange Mailbox events processed by the agent.

Local Security Events

If licensed (Change Auditor for Active Directory), this is the number of local user and group (SAM) events processed by the agent.

File System Events

If licensed (Change Auditor for Windows File Servers) and configured, this is the number of File System events processed by the agent.

Registry Events

If configured, this is the number of Registry events processed by the agent.

SQL Events

If licensed (Change Auditor for SQL Server) and configured, this is the number of SQL Server events processed by the agent.

NetApp Events

If licensed (Change Auditor for NetApp) and configured, this is the number of NetApp filer events processed by the agent.

EMC Events

If licensed (Change Auditor for EMC) and configured, this is the number of EMC events processed by the agent.

SharePoint Events

If licensed (Change Auditor for SharePoint) and configured, this is the number of SharePoint events processed by the agent.

Azure AD Events

If licensed (Change Auditor for Active Directory) and configured, this is the number of Azure AD events processed by the agent.

ADFS Events

If licensed (Change Auditor for Logon Activity) and configured, this is the number of ADFS events processed by the agent.

Logon Events

If licensed (Change Auditor for Logon Activity User), this is the number of user logon activity events processed by the agent.

Office 365 Events

If configured (Change Auditor for Exchange and Change Auditor for SharePoint), this is the number of Exchange Online, SharePoint Online, and OneDrive for Business events processed by the agent.

Other Events

This is the number of events processed by the agent that do not ‘fit’ into the other event categories (such as Authentication Services events, Service events, etc.).

Excluded Events

If configured, this is the number of events excluded by the agent because they originated from a user or computer that was defined as an excluded account.

Skype for Business Events

If licensed (Change Auditor for Skype for Business) and configured, this is the number of Skype for Business events processed by the agent.

Connected

The computer name (and SCP port) of the coordinators to which this agent is currently connected.

NOTE: For more details on agent connection behavior, see Installation Notes and Best Practices in the Quest Change Auditor Installation Guide.

All

The list of all available coordinators in the installation.

Last Conf Update

The time when the agent last downloaded the agent configuration information/settings.

Events Last Sent

The local time when the last event was sent. If no events have been detected by Change Auditor recently, this time may be fairly old.

Events Sent

The number of events that have been sent to a coordinator since the agent was last started.

Acknowledged

The number of events that a coordinator has acknowledged.

Normally, this value will be the same as the Events Sent. However, it may be smaller if the coordinator is not running or if a large number of events are being processed by the coordinator which may be slowing it down. Events may also be lost due to communication problems, in which case the agent will try to re-send the events.

Events Waiting

The number of events in the agent database that are waiting to be forwarded to a coordinator.

This value should be at or near zero when the server is idle, but can grow if it is busy. If the value never returns to zero, it may indicate that the agent is having difficulty communicating with the coordinator service. If this is the case, contact Technical Support for assistance.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation