Converse agora com nosso suporte
Chat com o suporte

Change Auditor 7.1.1 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Working with an On Demand Audit configuration

You can view the On Demand Audit configuration details in Change Auditor; however, the configuration is managed (paused, started, or removed) through On Demand Audit. See the On Demand Audit User Guide for details.

To view existing details of the subscription created by the configuration:
1
From the Administration Tasks, select Configuration | On Demand Audit.
2
Click Refresh to update the information.
The following subscription information is displayed.
Table 1. Subscription properties
Property
Description

ActiveBatchSize

The current batch size. (The current number of events to include in a single notification message.) The batch size is automatically adjusted based on network throughput and system performance. Its value never exceeds the specified batch size.

AllowedCoordinators

List of coordinators permitted to send events.

BatchSize

Batch size. (The maximum number of events that the active batch size can increase to.)

BatchesSent

Number of batches sent.

Enabled

Whether the subscription is enabled.

EventsSent

Number of events sent.

LastCoordinator

The coordinator that is sending events. If the subscription is disabled, this is the last coordinator that sent events.

LastEventResponse

The last event response. Provides the response in JSON format from the event receiver.

LastEventTime

When the last event was sent.

NotificationInterval

How often how often (in milliseconds) notifications are sent.

StartTime

Starting point in time for events being sent.

Subscription Id

The subscription ID.

Subsystems

Subsystems that contain the event data being sent.

Webhook Subscription Id

The webhook subscription ID.

To pause, start, or remove a configuration
1
From the Administration Tasks, select Configuration | On Demand Audit.
2
Click the link to access On Demand Audit.

 

 

Enable/Disable Event Auditing
Introduction
Audit Events page
Enable/disable event auditing
Modify event’s severity level or event class description
Define events to be captured based on results
View event information

Introduction

You can enable/disable the auditing of individual events so that Change Auditor is auditing only those events that are vital to your organization’s operation. In addition, you can modify the severity level (high, medium, or low) and description assigned to each event. The severity level is used when processing events and to help you in determining the potential level of risk associated with each configuration change event.

Audit Events page

The Audit Events page is displayed when Audit Events is selected from the Auditing task list in the navigation pane of the Administration Tasks tab, and lists all of the events available for auditing. It also displays the facility and subsystem to which the event belongs, the severity assigned to each event, if the event is enabled or disabled and the type of license that is required.

* 
NOTE: Changes made on this page are global and will apply to all Change Auditor agents.

The Audit Events page contains an alphabetical list of all the Change Auditor events, including the following information:

 
Table 1. Audit Events page: Field descriptions
Column
Description

Severity

Indicates the severity level assigned to each event:
Low
Medium
High

When your cursor is placed in this cell, a drop-down arrow is added allowing you to change an event’s severity setting.

Facility Name

Displays the name of the facility to which each event belongs.

Event Class

Displays a descriptive title for each event.

Status

Indicates whether the event is enabled or disabled.

When your cursor is placed in this cell, a drop-down arrow is added allowing you to either enable or disable the event.

License Type

Displays the type of Change Auditor license required for each event:
Any License
Active Directory
AD Query
EMC
Exchange
File System
Logon Activity
Skype for Business
NetApp
SharePoint
SQL

Results

Displays the result criteria used to capture change events. That is, you can use the options in this column to specify if an event is to be captured based on the results of the operation mentioned in the event.

All Results (default)
Success Only
Success and Failed Only
Success and Protected Only

For example, if you only want to capture successful events where the operation occurred as stated in the event, you would set this to Success Only. Then, if the change was prevented from occurring as stated in the event (because the object was protected by Change Auditor or the operation was prevented due to a factor/setting outside of Change Auditor’s control) the associated event would not be captured.

Subsystem

Displays the name of the subsystem to which each event belongs.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação