Chatta subito con l'assistenza
Chat con il supporto

Change Auditor 7.3 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Enable/Disable Event Auditing
Introduction
Audit Events page
Enable/disable event auditing
Modify event’s severity level or event class description
Define events to be captured based on results
View event information

Introduction

You can enable/disable the auditing of individual events so that Change Auditor is auditing only those events that are vital to your organization’s operation. In addition, you can modify the severity level (high, medium, or low) and description assigned to each event. The severity level is used when processing events and to help you in determining the potential level of risk associated with each configuration change event.

Audit Events page

The Audit Events page is displayed when Audit Events is selected from the Auditing task list in the navigation pane of the Administration Tasks tab, and lists all of the events available for auditing. It also displays the facility and subsystem to which the event belongs, the severity assigned to each event, if the event is enabled or disabled and the type of license that is required.

* 
NOTE: Changes made on this page are global and will apply to all Change Auditor agents.

The Audit Events page contains an alphabetical list of all the Change Auditor events, including the following information:

 
Table 1. Audit Events page: Field descriptions
Column
Description

Severity

Indicates the severity level assigned to each event:
Low
Medium
High

When your cursor is placed in this cell, a drop-down arrow is added allowing you to change an event’s severity setting.

Facility Name

Displays the name of the facility to which each event belongs.

Event Class

Displays a descriptive title for each event.

Status

Indicates whether the event is enabled or disabled.

When your cursor is placed in this cell, a drop-down arrow is added allowing you to either enable or disable the event.

License Type

Displays the type of Change Auditor license required for each event:
Any License
Active Directory
AD Query
EMC
Exchange
File System
Logon Activity
Skype for Business
NetApp
SharePoint
SQL

Results

Displays the result criteria used to capture change events. That is, you can use the options in this column to specify if an event is to be captured based on the results of the operation mentioned in the event.

All Results (default)
Success Only
Success and Failed Only
Success and Protected Only

For example, if you only want to capture successful events where the operation occurred as stated in the event, you would set this to Success Only. Then, if the change was prevented from occurring as stated in the event (because the object was protected by Change Auditor or the operation was prevented due to a factor/setting outside of Change Auditor’s control) the associated event would not be captured.

Subsystem

Displays the name of the subsystem to which each event belongs.

Enable/disable event auditing

You can enable or disable events to best suit your organization. To view or modify the current event auditing settings, use the Audit Events page, which is accessible through the Administration Tasks tab.

* 
NOTE: If event logging is enabled, enabling or disabling events in Change Auditor does not impact this setting and events will continue to be sent to the appropriate Windows event log.
To disable/enable individual events:
1
Open the Administration Tasks tab and click Auditing.
2
Select Audit Events (under the Configuration heading in the Auditing task list) to display the Audit Events page.
3
To disable an event, select one or more enabled events and click Disable. (Use the Shift or Ctrl keys to select multiple events.)
4
To enable an event,select one or more disabled events and click Enable. (Use the Shift or Ctrl keys to select multiple events.)
* 
NOTE: You can also disable or enable an event using the Disable/Enable tool bar button at the top of the Event Details pane on a Search Results page.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione