Converse agora com nosso suporte
Chat com o suporte

Change Auditor 7.4 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Agent Configurations

Introduction

Change Auditor assigns the default configuration to each agent, including both server agents and workstation agents, during deployment.

The default configuration consists of the following settings:

You can define and assign different agent configurations to each deployed server agent from the Agent Configuration page on the Administration Tasks tab. However, workstation agents always use the default configuration; they cannot be assigned to a different agent configuration.

When the default configuration is modified, workstation agents will only receive these modifications when the polling interval determines there has been a change; clicking Refresh Configuration on the Agent Configuration page only pushes agent configuration changes out to server agents.

To enable custom auditing and protection, you must assign templates to an agent’s configuration. The custom auditing and protection features that require custom templates to be assigned to an agent’s configuration are:

NOTE: The NetApp, EMC, SharePoint, and Office 365 auditing templates define which agents are used to capture events; however, these templates do not use the agent configurations from the Agent Configuration page as described in this section. See the Quest Change Auditor for NetApp User Guide, Quest Change Auditor for EMC User Guide, Quest Change Auditor for SharePoint User Guide, Office 365 and Azure Active Directory Auditing User Guide.

 

Agent Configuration page

This page displays when Agent is selected from the Configuration task list in the navigation pane of the Administration Tasks tab. From here you can define and assign agent configurations.

The following information is available for each deployed server agent. To display columns not on by default, use the Field Chooser button located to the far left of the column headings.

Active Directory

No

Indicates whether Active Directory auditing and/or protection has been defined.

ADAM (AD LDS)

No

Indicates whether ADAM (AD LDS) auditing and/or protection has been defined.

Agent

Yes

Displays the NetBIOS name of the server that hosts the Change Auditor agent.

Agent FQDN

No

Displays the fully qualified domain name (FQDN), consisting of the host and domain name including the top-level domain, of an agent.

Configuration

Yes

Displays the name of the agent configuration assigned to each agent listed.

Coordinator

No

Displays the computer name of the Change Auditor coordinator that an agent is connected through.

DB Size

No

Displays the size of an agent’s database.

Domain

Yes

Displays the name of the domain where the server resides.

EMC

Yes

Indicates whether an agent has been assigned to an EMC auditing template to receive EMC events.

Events Last 24 Hours

No

Displays the number of events encountered on the agent during the past 24 hours from when the Agent Configuration page is initially opened during the current client session or when the page is refreshed using the Refresh button.

The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 24 hours.

Events Last Hour

No

Displays the number of events encountered on the agent in the last 60 minutes from when the Agent Configuration page is initially opened during the current client session or when the page is refreshed using the Refresh button.

The value in the field is a hypertext link and when selected launches a quick search to display the events generated in the last 60 minutes.

Events Today

No

Displays the number of events encountered on the agent since 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display today’s events.

Events Total

No

Displays the number of events encountered since the agent was started.

The value in this field is a hypertext link and when selected launches a quick search to display all events encountered since the agent was started.

Events Yesterday

No

Displays the number of events encountered between 12:00 a.m. yesterday and 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display yesterday’s events.

Exchange

No

For agents hosting Exchange, this column indicates whether Exchange Mailbox auditing and/or Exchange Mailbox protection has been defined.

Office 365

Yes

Indicates whether an agent has been assigned to an Office 365 auditing template to receive Exchange Online, SharePoint Online, and OneDrive for Business events.

Exchange Server

No

Indicates whether the server is an Exchange server.

Exclude Account

Yes

Indicates whether an Excluded Accounts Auditing template has been assigned to an agent’s configuration.

File System

Yes

Indicates whether a File System Auditing or File System Protection template has been assigned to an agent’s configuration.

Forest

No

Displays the name of the forest where the agent resides.

Group Policy

No

Indicates whether Group Policy protection has been defined.

Last Update

No

Displays the date and time when the agent configuration was last updated.

NetApp

Yes

Indicates whether an agent has been assigned to a NetApp Auditing template to receive NetApp filer events.

Registry

Yes

Indicates whether a Registry Auditing template has been assigned to an agent’s configuration.

Service

Yes

Indicates whether a Service Auditing template has been assigned to an agent’s configuration.

SharePoint

Yes

Indicates whether an agent has been assigned to a SharePoint Auditing template to capture SharePoint events.

SQL

Yes

Indicates whether a SQL Auditing template has been assigned to an agent’s configuration.

Skype for Business CMS

Yes

Indicates whether a Skype for Business template has been created for the Central Management Store SQL Server.

SQL Data Level

Yes

Indicates whether a SQL Data Level Auditing template has been assigned to an agent’s configuration.

Startup Time

No

Displays the date and time when the agent was last initialized.

Status

No

Displays the current status of the agent:

Type

No

Displays the agent platform:

Unsent Events

No

Displays the number of events that have not yet been sent to the coordinator.

Uptime

No

Displays how long the agent has been running.

Version

No

Displays the version number of the Change Auditor agent currently deployed.

Define agent configurations

2
Select Agent in the Configuration task list.
4
Click Add to create a new definition or click Copy to duplicate the configuration selected in the Configurations list box.

900 seconds

60 - 9999 seconds

5 seconds

5 - 999 seconds

300 seconds

60 - 600 seconds

10 hours

1 to 99999 hours

1500 events

100 - 99999 events

10000 events

100 - 100000 events

Sunday - Saturday
12:00 am - 11:59 pm

N/A

If your organization uses a proxy server to connect to the internet, these settings are required to audit Azure Active Directory and Office 365 targets. Selecting Validate Proxy Settings uses the configured settings to access a website through the proxy server. This test uses the https://www.quest.com web site.

Not set

fully qualified domain name, down-level name, or IPv4 address

8080

1- 65535

Not set

N/A

The settings on the File System tab only apply when Change Auditor for Windows File Servers, Change Auditor for EMC or Change Auditor for NetApp is licensed.

Enabled by default

10 seconds

1 - 600 seconds

Disabled by default

N/A

The settings on the AD Query tab only apply when Change Auditor for Active Directory Queries is licensed.

0 records

0 - 99999 records

20 milliseconds

0 - 99999 milliseconds

15 minutes

1 - 1440 minutes

Enabled by default

N/A

The setting on the Exchange tab only applies when Change Auditor for Exchange is licensed.

0 seconds

0 - 600 seconds

Disabled by default

N/A

Disabled by default

N/A

9
Once you have defined the new template, click OK to close this dialog and return to the Configuration Setup dialog. Select this new template, right-click and select Assign.
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação