Chat now with support
Chat with Support

Change Auditor 7.1 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Agent Statistics grid

* 
NOTE: When agents are connected or disconnected, an Agent Status message will be displayed in the lower right corner of your screen. You can use the View Agent Statistics link in this message box to display the Agent Statistics page.

 

The Agent Statistics grid may contain the following information for each agent. The default column identifies the fields that are displayed by default. To display different fields, click the Field Chooser button located to the far left of the column headings and select the columns to be displayed:

 
* 
NOTE: All dates and times are based on the client’s current local date and time. The format used to display the date and time is determined by the local computer’s regional and language setting.
 
Table 1. Agent Statistics page: Field descriptions
Column
Default
Description

Active Directory

No

Indicates whether custom Active Directory auditing or protection has been defined.

ADAM

No

Indicates whether custom ADAM (AD LDS) auditing or protection has been defined.

Agent

Yes

Displays the NetBIOS name of the server that hosts a Change Auditor agent.

Agent FQDN

No

Displays the fully qualified domain name of the agent.

Architecture

No

Displays whether the agent is installed in a 32-bit (x86) or 64-bit (x64) environment.

Configuration

No

Displays the agent configuration assigned to the agent.

Coordinator

No

Displays the computer name of the Change Auditor coordinator(s) to which the agent is connected.

DB Size

Yes

Displays the size of the agent database.

Domain

Yes

Displays the name of the domain where the agent is located.

EMC

No

Indicates whether the agent is assigned to an EMC Auditing template to capture EMC events.

Events Last 24 Hours

No

Displays the number of events encountered on the agent during the past 24 hours from when the dialog is initially opened during the current client session.

The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 24 hours.

Events Last Hour

No

Displays the number of events encountered on the agent in the last 60 minutes from when the dialog is initially opened during the current client session.

The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 60 minutes.

Events Today

Yes

Displays the number of events encountered on the agent since 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display the events generated today.

Events Total

Yes

Displays the number of events encountered since the agent was started.

The value in this field is a hypertext link and when selected launches a quick search to display all events encountered since the agent was started.

Events Yesterday

No

Displays the number of events encountered between 12:00 a.m. yesterday and 12:00 a.m. of the current day (based on the relative coordinator computer's time).

The value in this field is a hypertext link and when selected launches a quick search to display the events generated yesterday.

Exchange

No

For agents hosting Exchange, this column indicates whether Exchange Mailbox auditing or Exchange Mailbox protection has been defined.

Exchange Server

No

Indicates whether the server is an Exchange Server.

Exclude Account

No

Indicates whether an Excluded Accounts Auditing template has been assigned to the agent’s configuration.

File System

No

Indicates whether a File System Auditing template or File System Protection template has been assigned to the agent’s configuration.

Forest

No

Displays the name of the forest where the agent resides.

Group Policy

No

Indicates whether Group Policy protection has been defined.

IP Address

No

Displays the IP address of the agent.

Last Update

Yes

Displays the date and time when the agent configuration was last updated.

Load

Yes

Displays the load status of the agent service in regards to processing events. Valid entries are:
Normal - agent service is running and processing events as expected
Medium - agent service has more than 100 events waiting
Critical - agent service has reached a critical load and events may be missed
Unknown - agent service is inactive; therefore, the load is unknown

NetApp

No

Indicates whether an agent is assigned to a NetApp Auditing template to capture NetApp filer events.

Registry

No

Indicates whether a Registry Auditing template has been assigned to the agent’s configuration.

Service

No

Displays whether a Service Auditing template has been assigned to the agent’s configuration.

SharePoint

No

Indicates whether an agent is assigned to a SharePoint Auditing template to capture SharePoint events.

SQL

No

Indicates whether a SQL Auditing template has been assigned to the agent’s configuration.

Startup Time

No

Displays the date and time when the agent was last initialized.

Status

Yes

Displays the current status of the agent:

active
inactive
uninstalled

Type

No

Displays the agent platform:

Domain Controller
Global Catalog
Server
Workstation

Uptime

Yes

Displays how long the agent has been running.

Version

No

Displays the version number of the agent currently deployed.

VMware

No

Indicates whether an agent is assigned to a VMware Auditing template to capture VMware events.

Workstation

No

Indicates whether this is a workstation agent.

In addition to selecting the fields to display, you can use the drop-down controls to define what servers/workstations are to be included on the Agent Statistics page.

The following table describes how to use these controls to filter the content displayed on the Agent Statistics page.

 
Table 2. Agent Statistics page: Filter controls
Control
Description

Type

Use the left-most control to specify the type of objects to be included in the display:
All - select to view all agented servers and workstations (default)
DCs - select to view agented domain controller servers
Servers - select to view agented servers regardless of domain membership
Workstations - select to view agented workstations (including workstations joined to the domain and workstation agents manually installed on non-Active Directory computers)

Active Directory view

By default, the Agent Statistics page provides a forest view of the servers found. However, you can use the right-most controls to limit your view to an individual domain or site.

Use the middle control to select the Active Directory view (forest, domain or site) then use the right-most control to select an individual forest, domain or site for which servers are to be displayed.

Resource Properties pane

The Resource Properties pane located across the bottom of the Agent Statistics page contains additional information about the agent selected in the Agent Statistics grid.

To display the Resource Properties pane:
1
To display this pane, select an agent from the Agent Statistics grid and click Show Properties.
2
Use the hide button in the upper right-hand corner of the Resource Properties pane to hide this pane.
* 
NOTE: The Resource Properties pane also appears when you select Related Search | View Resources on an Event Details pane. When accessed using the Event Details pane, the additional information is for the server referenced in the selected event.

The Resource Properties pane is divided into the following tabbed pages:
Machine Info page
Processors page
Drives page
Shares page
Services page
Exchange Mailboxes page

Machine Info page

The Machine Info page contains the following operating system and hardware-related information for the selected server.

 
Table 3. Resource Properties pane: Machine Info page field descriptions
Field
Description

TimeZone

The local machine’s time zone.

Offset (Hours)

The amount of time the unitary computer system is offset from Coordinated Universal Time (UTC).

Operating System

The left pane contains the following operating system details:

OS

The operating system running on the machine.

Version

The operating system version running on the machine.

Installed

The date and time when the operating system was installed on the machine.

Last Restart

The date and time when the machine was last restarted.

Language

The language version of the operating system installed.

SKU

The unique identifying number (SKU) assigned to the machine.

Service Pack

The version number of the latest Service Pack installed on the system.

Windows

The Windows directory of the operating system.

Computer System

The right pane contains the following computer system information:

Computer

The full name assigned to the computer.

Host Name

The name of the local computer according to the domain name server (DNS).

Domain

The domain to which the agented server belongs.

Domain Role

The role assigned to the computer within a domain workgroup. Possible values include:
0: Standalone Workstation
1: Member Workstation
2: Standalone Server
3: Member Server
4: Backup Domain Controller
5: Primary Domain Controller

Model

The manufacturer’s model number for the computer.

Roles

A list of the roles assigned to the system.

System Type

The type of system running on the Windows-based computer.

Physical Memory

The total amount of memory installed on the machine.

Processors page

The Processors page contains the following information about the processors on the selected server.

 
Table 4. Resource Properties pane: Processors page field descriptions
Field
Description

AddressWidth

The size (or width) of the address bus, which indicates the maximum amount of RAM a processor can address. Possible values include:
32: 32-bit operating system
64: 64-bit operating system

Architecture

The processor architecture used by the platform. Possible values include:
0: x86
1: MIPS
2: Alpha
3: PowerPC
5: ARM
6: Itanium-based systems
9: x64

Caption

A short description (one line string) for the object.

DataWidth

The size (or width) of the external data bus, which defines the rate at which data can be moved into or out of the processor. Possible values include:
32: 32-bit operating system
64: 64-bit operating system

ExtClock

The external clock frequency, in MHz.

Family

The processor family type.

L2CacheSize

The amount of cache memory available for the Level 2 processor cache.

L2CacheSpeed

The clock speed, in MHz, of the Level 2 processor cache.

L3CacheSize

The amount of cache memory available for the Level 3 processor cache.

L3CahceSpeed

The clock speed, in MHz, of the Level 3 processor cache.

Manufacturer

The name of the company that manufactured the processor.

MaxClockSpeed

The maximum clock speed, in MHz, for the processor.

Name

The label assigned to the processor.

NumberOfCores

The number of cores for the current instance of the processor.

NumberOfLogical
Processors

The number of logical processors for the current instance of the processor.

OtherFamilyDescription

The processor family type.

ProcessorId

The processor identifier that describes the processor features.

ProcessorType

The primary function of the processor. Possible values include:
1: Other
2: Unknown
3: Central Processor
4: Math Processor
5: DSP Processor
6: Video Processor

Revision

The architecture-dependent system revision level.

Stepping

The revision level of the processor in the processor family.

UniqueId

The globally unique identifier for the processor.

Version

The architecture-dependent processor revision number.

VoltageCaps

The voltage capabilities of the processor. Possible values include:
1: 5 volts
2: 3.3 volts
4: 2.9 volts
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating