Add Active Directory Container dialog (AD Query)
This dialog is displayed when Add | Subsystem | AD Query or Add with Events | Subsystem | AD Query is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). From this dialog, you can specify the Active Directory objects to include in the selected search definition. In addition, you can specify a particular AD query to include in your search definition.
The following information and controls are included on this dialog:
Scope
Select one of the following options to define the scope of coverage:
▪ This Object - select this option to include the selected object only (Default when the Add With Events tool bar button is used)
▪ Members of this group - select this option to show changes made to users in a specified group. Nested groups are not supported.
AD Query
Use the AD Query fields to search for events that include a specific Active Directory query:
Filter - allows you to search for a query filter string used in an Active Directory query. Enter the query filter to include in the search definition. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any Active Directory queries that use a filter string that contains the characters entered.
Attributes - allows you to search for attributes that are being queried. Enter the attributes to include in the search definition. This field uses the Like operator; therefore, you can enter a partial string of characters to have Change Auditor return any Active Directory queries that query attributes that contain the characters entered.
Results >= - allows you to search for queries that return a specific number of results. Enter the number of results to include in the search definition and Change Auditor will display the Active Directory queries that have returned results equal to or greater than the number entered.
Elapsed (ms) >= - allows you to search for queries that take a specific amount of time to complete. Enter the number of milliseconds to include in the search definition and Change Auditor will display the Active Directory queries that took the specified number of milliseconds or longer to run.
Transports - allows you to specify the type of transport protocols used to secure Active Directory queries. To include a specific transport, clear the All Transports check box. Valid options are:
▪ All Transports - this option is selected by default indicating that all AD Query events regardless of the transport protocol used are included in the search definition.
▪ SSL/TLS - select this option to include LDAP operations or LDAP queries that are secured using SSL or TLS technology.
▪ Kerberos - select this option to include LDAP operations or LDAP queries that are signed using Kerberos-based encryption.
▪ Simple Bind - select to include LDAP operations or LDAP queries that are secured using simple bind authentication (neither SSL/TLS nor Kerberos used).
▪ Port - select to identify a specific port used for communication.
NOTE: When you clear the All Transports check box and select both the SSL/TLS and Kerberos check boxes, only AD queries using both of these transport protocols are included in the search results.
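The following added example (not part of the product or its documentation) models how the AD Query fields above combine, run over constructed events. The record shape, the field names, and case-insensitive matching for the Like fields are assumptions made for illustration; the Port option is not modeled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ADQueryEvent:
    """Hypothetical record for one audited LDAP query (not the product schema)."""
    event_id: int
    filter: str
    attributes: str
    results: int
    elapsed_ms: int
    transports: frozenset  # subset of {"SSL/TLS", "Kerberos", "Simple Bind"}


@dataclass(frozen=True)
class ADQuerySearch:
    """The dialog's AD Query fields; empty or zero means 'not restricted'."""
    filter_like: str = ""
    attributes_like: str = ""
    min_results: int = 0
    min_elapsed_ms: int = 0
    transports: frozenset = frozenset()  # empty set models All Transports

    def matches(self, ev: ADQueryEvent) -> bool:
        def like(needle: str, haystack: str) -> bool:
            # Partial-string match; case-insensitivity is an assumption.
            return needle.lower() in haystack.lower()

        return (like(self.filter_like, ev.filter)
                and like(self.attributes_like, ev.attributes)
                and ev.results >= self.min_results
                and ev.elapsed_ms >= self.min_elapsed_ms
                # Every selected transport must be present (the NOTE's rule).
                and self.transports <= ev.transports)


def run_search(search, events):
    """Return the ids of the events the search definition would include."""
    return [ev.event_id for ev in events if search.matches(ev)]


# Constructed sample events for illustration only.
EVENTS = [
    ADQueryEvent(1, "(objectClass=*)", "*", 48210, 5200, frozenset({"Simple Bind"})),
    ADQueryEvent(2, "(&(objectClass=user)(department=Finance))", "displayName,mail",
                 312, 140, frozenset({"Kerberos"})),
    ADQueryEvent(3, "(sAMAccountName=jdoe)", "mail", 1, 3,
                 frozenset({"SSL/TLS", "Kerberos"})),
    ADQueryEvent(4, "(objectClass=computer)", "dNSHostName", 1500, 900,
                 frozenset({"SSL/TLS"})),
]

BROAD = ADQuerySearch(filter_like="objectclass", min_results=1000)
BOTH = ADQuerySearch(transports=frozenset({"SSL/TLS", "Kerberos"}))
SLOW_SIMPLE_BIND = ADQuerySearch(min_elapsed_ms=1000,
                                 transports=frozenset({"Simple Bind"}))

if __name__ == "__main__":
    for name, s in [("broad", BROAD), ("both", BOTH), ("slow simple bind", SLOW_SIMPLE_BIND)]:
        print(name, run_search(s, EVENTS))
```

Selecting both SSL/TLS and Kerberos narrows the result to event 3 only, which is why a search meant to cover either transport needs two separate entries rather than both check boxes on one.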
Directory Object Picker
If you have selected a scope other than All Active Directory Objects, the directory object picker is enabled allowing you to select the objects to include in the search definition. Use either the Browse or Search page to search your environment to locate and select the directory objects to include.
If required, use the Forest drop-down box to select in which forest the objects reside. Foreign agent forests may require foreign forest credentials, which can be entered on the Credentials Required dialog.
Use the Options page to view or modify the search options used to retrieve directory objects.
See Directory object picker for more information about using the Browse, Search or Options page of the Directory Object Picker.
Data Grid
The data grid replaces the directory object picker when the Add With Events option is selected. This grid displays a list of all the objects that have an audited event associated with them in the Change Auditor database.
Selected objects list
The list box at the bottom of this dialog displays the objects selected for the search definition. That is, only the objects listed are included in the search (or excluded from the search if the Exclude the Above Selection(s) option is selected). Use the buttons located above this list box to add, remove, or update an object:
▪ Add - Click Add to add the selected object to the search definition.
▪ Remove - From the Selected objects list, select the required object and click Remove.
▪ Update Scope, AD Query - Select an object in the list, modify the scope or AD Query settings as required, then click the Update Scope, AD Query button to apply the changes made.
Exclude the Above Selection(s)
Select this option to exclude the selected Active Directory objects from the search. When this check box is selected, Change Auditor returns AD Query events generated in all Active Directory objects except those listed in the Selected Objects list.
Runtime Prompt
Select the Runtime Prompt check box to prompt for the Active Directory objects to include whenever the search is run. That is, when the Run tool bar button is used, the Add Active Directory Container dialog is displayed allowing you to select the containers to be searched.
NOTE: When Runtime Prompt is selected, the AD Query option is disabled on the Add tool bar buttons on the What tab.
Add Facilities or Event Classes dialog
The Add Facilities or Event Classes dialog is displayed when Add | Event Class is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog allows you to search for individual event classes or all events associated with a facility.
From this dialog, select an event class or facility and click Add to add it to the list box located across the bottom of the dialog. Once you have made your selections, click OK to save your selection and close the dialog.
The following information and controls are included on this dialog:
Data grid
The data grid across the top of this dialog shows all the events available for auditing. It displays the following information for each event:
Restriction
When applicable, depending on the event class entry selected, an extra Restriction pane is displayed.
Use the restriction pane to specify ‘from’ and ‘to’ value restrictions. Select the appropriate check boxes and enter the values to define restrictions. Some examples of restrictions are:
For other event classes (for example, DNS, Distribution and Security groups) use the restriction pane to apply filter options for filtering by individual parameter values (for example, auditing of static DNS entries). The exact filtering options displayed in the restriction pane differ depending on the event class selected in the data grid.
Filter by parameter
Select this check box to filter the selected event class by using a specific parameter value. Once selected, the available parameter values will be activated for selection (for example, for the DNS Entry Type parameter, you can select Static and/or Automatically expiring).
Facility/Event class list
The list box at the bottom of the dialog displays the facility/event classes to include in the search (or exclude from the search if the Exclude the Above Selection(s) option is checked).
Use the buttons located above this list box as described below:
▪ Add | Add This Event - click Add and select Add This Event to add the selected event class to the Facility/Event Class list.
▪ Remove - click Remove to remove the selected item from the Facility/Event Class list.
▪ Update Restriction - Select an event class in the list, modify the restrictions as required, then click the Update Restriction button to apply the changes. This button is only available when an entry with a defined restriction is selected in the Facility/Event Class list.
Exclude the Above Selection(s)
Select this check box to exclude the items listed in the Facility/Event Class list. When this check box is checked, Change Auditor will search for all event classes and facilities except for those listed.
Runtime Prompt
Select the Runtime Prompt option to prompt for the facility or event class criteria whenever the search is run. That is, when the Run tool bar button is clicked, the Add Facilities or Event Classes dialog is displayed allowing you to select the facility or event class to be included in the search.
NOTE: When the Runtime Prompt is selected, the Event Class option is disabled on the Add tool bar buttons on the What tab.
Add Facilities or Event Classes dialog (Add With Events)
The Add Facilities or Event Classes dialog is displayed when Add With Events | Event Class is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This dialog allows you to search for individual event classes that have an event in the Change Auditor database.
From this dialog, select an event class or facility and click Add to add it to the list box located across the bottom of the dialog. Once you have made your selections, click OK to save your selection and close the dialog.
The following information/controls are included on this dialog:
Data grid
The data grid across the top of this dialog lists the event classes that have an event in the Change Auditor database. It displays the following information for each event:
Restriction
When applicable, depending on the event class entry selected, an additional Restriction pane is displayed across the middle of this dialog.
Use the restriction pane to specify ‘from’ and/or ‘to’ value restrictions. Select the appropriate check boxes and enter the values to define restrictions. Some examples of restrictions are:
For other event classes (for example, DNS, Distribution and Security groups) use the restriction pane to apply filter options for filtering by individual parameter values (for example, auditing of static DNS entries). The exact filtering options displayed in the restriction pane differ depending on the event class selected in the data grid.
Filter by parameter
Select this check box to filter the selected event class by using a specific parameter value. Once selected, the available parameter values are enabled for selection (for example, for the DNS Entry Type parameter, you can select Static and/or Automatically expiring).
Facility/Event class list
The list box at the bottom of the dialog displays the facility/event classes to include in the search (or exclude from the search if the Exclude the Above Selection(s) option is checked).
Use the buttons located above this list box as described below:
▪ Add | Add This Event - click Add and select the Add This Event option to add the selected event class to the Facility/Event Class list.
▪ Remove - click Remove to remove the selected item from the Facility/Event Class list.
▪ Update Restriction - Select an event class in the list, modify the restrictions as required, then click Update Restriction to apply the changes. This button is only available when an entry with a defined restriction is selected in the Facility/Event Class list.
Exclude the Above Selection(s)
Select this check box to exclude the items listed in the Facility/Event Class list. When this check box is checked, Change Auditor will search for all event classes and facilities except for those listed.
Runtime Prompt
Select the Runtime Prompt option to prompt for the facility or event class criteria whenever the search is run. That is, when Run is clicked, the Add Facilities or Event Classes dialog is displayed allowing you to select the facility or event class to be included in the search.
NOTE: When the Runtime Prompt is selected, the Event Class option is disabled on the Add tool bar buttons on the What tab.
Add File System Path dialog
The Add File System Path dialog is displayed when Add | Subsystem | File System or Add With Events | Subsystem | File System is selected on the What search properties tab (Searches page or the Purge Options page in the Purge Job wizard). This tab allows you to select the path to be used to search for file system events.
The following information/controls are included on this dialog:
Scope
Select one of the following options to define the scope of coverage:
▪ All File System Paths - select this option to include all file system paths. (Default when the Add tool bar button is used.)
▪ This Object - select this option to include specific objects only. (Default when the Add With Events tool bar button is used.)
When any option other than All File System Paths is selected in the Scope section, the controls at the bottom of this dialog are enabled to select the file system path to be included in the search.
Actions
The Actions check boxes allow you to define which types of actions on the selected file system paths to include in the search definition.
By default, All Actions is selected meaning that all the actions associated with the file system path will be included in the search. However, you can clear the All Actions option and select individual actions to be included in the search. The actions available are:
▪ All Actions - select this option to include all File System activities. (Default)
▪ Add - select this option to include when a File System folder or file is added
▪ Delete - select this option to include when a File System folder or file is deleted
▪ Move - select this option to include when a File System folder or file is moved
▪ Rename - select this option to include when a File System folder or file is renamed
▪ Modify - select this option to include when a File System folder or file is modified
▪ Other - select this option to include when any other type of activity occurs on a File System folder or file
The Types check boxes allow you to define the types of file system objects that are to be included in the search definition.
By default, All Types is selected meaning all types of file system objects are to be included in the search. However, you can clear the All Types option and select individual types of file system objects to be included in the search. The types available are:
▪ All Types - select this option to include all types of file system objects (Default)
▪ File - select this option to include only files
▪ Folder - select this option to include only folders
▪ Transaction - select this option to include changes that were committed or rolled back within a transaction
NOTE: The Transaction option does not apply to NetApp or EMC events.
Path
If you have selected a scope other than All File System Paths, use this field to specify the file or folder path to be searched.
NOTE: When using Add With Events, the Path field is populated based on the entry selected in the data grid and is read-only. The browse button is also disabled.
Enter the file or folder path or click the browse button and select the file or folder to be searched:
When All Types or Folder is selected in the File System Path Type section, clicking the browse button will launch the Browse for Folders dialog where you can locate and select the local folder to be included in the search definition.
NOTE: When entering a folder in the Path field, place a backward slash ( \ ) at the end of the path or Change Auditor will treat the entry as a file instead of a folder.
When File is selected in the File System Path Type section, clicking the browse button launches the Browse for Folders dialog (or system provided Open dialog when This Object is selected) where you can locate and select the local files to include in the search definition.
After selecting the folder and file to include, click Add to add it to the File System Path list.
File system path list
The list box at the bottom of the dialog displays the File System files or folders to include in the search (or exclude from the search if the Exclude the Above Selection(s) option is checked). Use the buttons above this list box to add, remove, and update entries:
▪ Add - click to add a file or folder to the File System Path list.
▪ Remove - select the entry to remove in the File System Path list and click Remove.
▪ Update - select the entry to update in the File System Path list, modify the actions, results, or File System Path and then click Update. The changes made are displayed in the list box.
Data grid
A data grid is added to this dialog when the Add With Events | Subsystem | File System option is selected. This grid displays a list of all the File System paths that have an event associated with them in the Change Auditor database.
Select an entry in this data grid and click Add to add it to the File System Path list.
Exclude the Above Selection(s)
Select this option to specify that the files and folders listed are to be excluded from the search. When this check box is checked, Change Auditor will search all File System files or folders except those listed.
Runtime Prompt
Select the Runtime Prompt check box to prompt for the file system path whenever the search is run. That is, when the Run tool bar button is used, the Add File System Path dialog appears allowing you to enter the file system path to be searched.
NOTE: When Runtime Prompt is selected, the File System option is disabled on the Add tool bar buttons on the What tab.