Chat now with support
Chat with Support

Change Auditor 7.0.3 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

Search results grid

The search results grid displays a default set of data, which can be customized by using the controls in the column headings. As on other web client pages, you can modify the sort criteria and filter the contents to be displayed (see Customize table content). In addition, the search results grid allows you to group the results by column heading in order to create an expandable view of the events.

The grouping feature allows you to group data to create a collapsed view that can be expanded to view the individual events pertaining to that group.

NOTE: Selecting the F5 key to refresh your screen resets the data grid back to the grouping defined in the search’s Layout tab, removing any groupings that have been applied.

Event Details pane

The Event Details pane provides additional details about the event selected in the grid at the top of the Search Results page. The contents of this pane depends on the type of event selected. However, all events display the following details:

Severity

Displays the severity level assigned to the event.

Who

Specifies the name of the user who initiated the change. If available, the display name of the user account is also displayed in parenthesis.

When

Specifies the date and time when the change occurred.

Where

Displays the name of the server where the change occurred.

Source

Displays the source of the event:

Origin

If available, displays the NetBIOS name and IP address of the workstation or server from which the event was generated.

What

Displays a brief description of the change that occurred. There are three basic types of events generated that determine the ‘what’ information displayed:

Depending on the type of event, additional details may be displayed on this pane. See the Quest Change Auditor User Guide for a description of the additional fields that may be displayed.

Result

Indicates whether the operation mentioned in the event was successfully completed. Valid states are:

Subsystem

Defines the subsystem, or area of monitoring, where the event occurred (e.g., Active Directory, Service, Group Policy, etc.)

Action

Defines the action associated with the selected event.

Facility

Displays the event class facility to which the event belongs.

In the New Comments text box at the bottom of the dialog, enter the comments to be associated with the selected event then click Save. All previously saved comments appear listed in the comments text box at the top of the dialog.
6
To run a related search, expand the Related Search button and select the appropriate option:
Who: Select this option to run a query for all events generated by this user during the same date interval as that specified in the When tab of the selected event.
View Contact Card: For events with a user object, select this option to view the contact card for the user, which includes contact information as well as a list of the groups to which this user belongs.
Where: Select this option to run a query for all events captured by this agent during the same date interval as that specified in the When tab of the selected event.
View Resources: Select this option to display the Resources Details pane for this server, which includes: Machine Info, Processors, Drives, Shares, Services and Exchange Mailboxes.
See the Quest Change Auditor User Guide for more information about the information displayed on this pane.
What: Select this option to run a query for events captured for this event class during the same date interval as that specified in the When tab of the selected event.
When: Select this option to run a query for events that occurred on this date.
Origin: Select this option to run a query for events that originated from this workstation or server during the same date interval as that specified in the When tab of the selected event.
Object: Select this option to run a query for events generated against this object during the same date interval as that specified in the When tab of the selected event.
7
To restore a changed value to the previous value on a simple Active Directory object event, click the Restore Value button. If prompted for credentials, enter the credentials for a user with domain rights to access the selected object. (This button only appears for simple Active Directory object events, such as Add Attribute, Modify Attribute, Delete Attribute.)

Timeline view

The Timeline view contains event markers within an interactive timeline. The top band of the timeline contains event markers that correspond to the events returned as a result of a search. The bottom bands provide a zoomed out overview of the event markers displayed on the top band. The distribution and display of these event markers are predefined; however, these settings can be modified to meet your needs.

The Timeline view consists of the following main controls:

Use the tool bar buttons at the top of the page to return to the Data Grid view or close the Search Results page.

Grid

Click to display the search results in a Data Grid view instead of the Timeline view.

Close

Click to close the Search Results page.

Event markers

Event markers representing an individual event or a group of events are plotted on the timeline based on when the event actually occurred. The events associated with an event marker are controlled by the settings in the Timeline Display Settings dialog.

Each event marker contains the following components:

Event maker labels are displayed by default; however, you can clear the Show event label check box on the Timeline Display Settings dialog to hide all labels.
Related Documents