• |
Change Auditor 7.4 is a major release, with enhanced features and functionality.
The following enhancements and features are available in this release:
• |
• |
Troubleshooting EMC events: If EMC events are not being audited by the Change Auditor agent, first check to see if the EMC CAVA agent service is running on your Windows Server where the EMC events are being collected. Second, check to see if the CEPP service on the EMC Data Mover is running or if the state is offline, by using the command: |
• |
Change Auditor agent requires File and Printer Sharing on Windows Servers: By default, File and Printer sharing are not enabled on Windows Server installations. To remotely install agents to Windows Servers (Full UI and Server Core), enable the File and Printer Sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine. |
• |
File System auditing for NAS and mapped network drives: Change Auditor does not support File System auditing on NAS devices or mapped network drives other than EMC Celerra/VNX/Isilon or NetApp Data ONTAP filers. |
• |
Microsoft Office files: Since the Change Auditor for Windows File Servers, NetApp, and EMC drivers capture events related to file activity, it is possible that a folder containing files being opened and edited by Microsoft Office products (Word, Excel, PowerPoint, and so on) will generate unexpected results. Understanding how MS Office products interact with the file system might help explain some of the audit events captured. See http://support.microsoft.com/kb/211632 for more details. |
• |
File System Auditing for SAN: Support and engineering will attempt to troubleshoot and resolve issues to the best of their ability when the SAN is attached to a Windows-based file server such that it appears as a local drive on that host. In this configuration, the SAN generally behaves as an extra disk drive on the server which can be audited by a Change Auditor agent on that server. Success in this configuration depends on many factors and is not guaranteed. |
• |
File System auditing: Change Auditor does not audit files with a size of zero (0) bytes. |
• |
Recompiling the Change Auditor MOF file: Change Auditor no longer ships with a MOF file as part of the coordinator installer. Should the CA WMI namespace become corrupt, or should there be an installation failure, the file can be recompiled using the following command line: |
• |
Exclude Change Auditor components and monitored processes from antivirus software: Quest recommends excluding the following Change Auditor components and monitored processes from any antivirus software that uses technology similar to “Buffer Overrun Protection” or “On Access Scanner”: |
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center