NOTE: The following procedure provides the general steps involved in creating a custom search using the web client. Refer to Search Properties tabs for more information on specifying search criteria on the individual tabs.
3. Click New Search at the top of the Searches page to activate the Search Properties tabs.
Search for events generated by a specific user, computer or group. By default, Change Auditor searches for events generated by all users, computers and groups.
NOTE: Use the Add With Events tab to select a user, computer or group that already has an event associated with it in the database.
Search for events based on subsystem, event class, object class, severity or result. By default, all entities are included in a new search definition.
NOTE: Use the Add With Events tab (instead of the Add tab) on these dialogs to select from a list of objects that already have an event associated with them in the database.
Search for events captured by a specific agent or within a specific domain or site.
NOTE: Use the Add Wildcard tab to specify a wildcard expression to search for domains, sites or agents.
NOTE: Use the Add With Events tab to select agents, domains or sites that already have an event associated with them in the database.
Search for events that occurred during a specific date/time range. By default, new searches will include the events captured this week.
Search for events originating from a specific workstation or server. By default, Change Auditor searches for all events regardless of where they originated.
NOTE: Use the Add With Events tab to select an originating workstation/server that already has an event associated with it in the database.
5.
6.
• Save: Saves the search definition without running it.
• Save As: Allows you to save the search definition to a different location within the folder hierarchy or using a different name.
• Run: Saves and runs the search. A new Search Results page will be added to the web client populated with the events that met the search criteria defined.

• Info tab: Allows you to enter a name and description for the search.
• Who tab: Allows you to search for events generated by a specific user, computer or group.
• What tab: Allows you to search for events based on subsystem, event class, object class, severity or result.
• Where tab: Allows you to search for events captured by a specific agent, domain or site.
• When tab: Allows you to search for events that occurred within a specific date/time range.
• Origin tab: Allows you to search for events that originated from a specific workstation or server.
• Alert tab: Allows you to enable alerts for this query and define how and where to dispatch alerts.
• Report tab: Allows you to enable reporting for this query and define the report recipients.
• Layout tab: Allows you to define the data (columns) to be retrieved from the database and the sort order for displaying the retrieved data.
• SQL tab: Displays the SQL script used to create the selected search definition.
• XML tab: Displays the XML representation of the search criteria.
The Who tab contains the following information/controls:
Clicking Add on the Who tab displays the Add Users, Computers, or Groups dialog allowing you to select the user, computer or group to be included in a custom search. Use the tabbed pages on this dialog as described below.