Chat now with support
Chat with Support

Change Auditor 7.4 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Deployment Options Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Windows Installer Command Line Options

Agent behavior notes

When an agent comes online, it queries the Active Directory Catalog (GC) for a list of all coordinator SCPs within its same installation to determine which to connect to.

When there are available coordinators within the agent’s site, the agent connects to all coordinators in the site. When there are no coordinators running within the agent’s site, the agent connects to any online coordinator. However, when coordinators within the site come back online, the agent switches to connect to just the coordinators within the same site and drop nonsite coordinator connections. If this behavior is problematic for your environment, contact Quest Technical Support to discuss possible configuration options.

The connection behavior after these initial steps depends on the type of agent:

Change Auditor server agents: Starting with Change Auditor 6.0, server agents submit events to all coordinators in the site and load balancing occurs automatically. All connected coordinators can then participate in receiving events from the server agent, allowing a high volume of events to be distributed for processing.
Change Auditor workstation agents: The workstation agents randomly connect to a single coordinator. This enables ‘scaling out’ options for large workstation agent deployments within a single site.

Junction point creation may fail on a server where both a Symantec™ Backup Exec™ CPS agent and a Change Auditor agent are running. To resolve the problem, upgrade the CPS agent to 12.5 or later.

Client notes

Some events are disabled by default to improve the initial deployment process and reduce the amount of audited event information initially collected. These audited events can easily be enabled on the Audited Events page of the Administration Tasks tab.

See the appropriate Event Reference Guide for a list of the events that are disabled by default.

By default, connections to a SQL Server are not encrypted; however to encrypt all data transmitted between an application computer and a computer running a SQL Server instance, you can use the Secure Sockets Layer (SSL). For more details on configuring client network protocols, see the following Microsoft article:

ADAM (AD LDS) auditing

Run the appropriate Change Auditor Agent.msi file on the workgroup server to install an agent to monitor ADAM (AD LDS) instances on nondomain servers. See Install an agent to audit ADAM (AD LDS) on workgroup servers for more information.

Change Auditor for SQL Server — SQL auditing

Due to a Microsoft hotfix, agents do not capture SQL-related events unless the following action is taken on the SQL Server:

Auditing of SQL Servers running on Itanium platforms is not supported.


Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating