Change Auditor 7.5 - User Guide

Agent Statistics and Logs

Agent Statistics and Logs

•	Introduction

•	Agent Statistics page

•	Agent system tray icon

•	View agent status/statistics

•	Manage Change Auditor agents

•	Agent Log page

•	View and save agent trace logs

Introduction

Introduction

In addition to the overview information provided in the Top Agent Activity pane and Agent Status pane on the Overview page, you have two additional means of obtaining agent status and statistics:

•	The Agent Statistics page provides a global view of all installed (and if selected, uninstalled) Change Auditor agents, including the current status and other usage statistics for each agent.

•	The Change Auditor Agent Status dialog, which is accessed using the Change Auditor agent system tray icon, provides the status and usage statistics for a single agent.

You can also view or retrieve agent trace logs from the Agent Statistics page or by using the agent system tray icon.

Agent Statistics page

Agent Statistics page

Use the View | Statistics | Agent menu command (or Ctrl+F11) to display the Agent Statistics page, which provides a global view of all installed agents. This page contains the following components:

•	Agent Statistics grid, located at the top of the page, consists of a list of agents and their current status and usage statistics.

•	Resource Properties pane, located across the bottom of the page, displays additional information about the selected agent.

Agent Statistics grid

Agent Statistics grid

NOTE: When agents are connected or disconnected, an Agent Status message will be displayed in the lower right corner of your screen. You can use the View Agent Statistics link in this message box to display the Agent Statistics page.

 

The Agent Statistics grid may contain the following information for each agent. The default column identifies the fields that are displayed by default. To display different fields, click the Field Chooser button located to the far left of the column headings and select the columns to be displayed:

 

NOTE: All dates and times are based on the client’s current local date and time. The format used to display the date and time is determined by the local computer’s regional and language setting.

 

Table 1. Agent Statistics page: Field descriptions

Column	Default	Description
Active Directory	No	Indicates whether custom Active Directory auditing or protection has been defined.
ADAM	No	Indicates whether custom ADAM (AD LDS) auditing or protection has been defined.
Agent	Yes	Displays the NetBIOS name of the server that hosts a Change Auditor agent.
Agent FQDN	No	Displays the fully qualified domain name of the agent.
Architecture	No	Displays whether the agent is installed in a 32-bit (x86) or 64-bit (x64) environment.
Configuration	No	Displays the agent configuration assigned to the agent.
Coordinator	No	Displays the computer name of the Change Auditor coordinator(s) to which the agent is connected.
DB Size	Yes	Displays the size of the agent database.
Domain	Yes	Displays the name of the domain where the agent is located.
EMC	No	Indicates whether the agent is assigned to an EMC Auditing template to capture EMC events.
Events Last 24 Hours	No	Displays the number of events encountered on the agent during the past 24 hours from when the dialog is initially opened during the current client session. The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 24 hours.
Events Last Hour	No	Displays the number of events encountered on the agent in the last 60 minutes from when the dialog is initially opened during the current client session. The value in this field is a hypertext link and when selected launches a quick search to display the events generated in the last 60 minutes.
Events Today	Yes	Displays the number of events encountered on the agent since 12:00 a.m. of the current day (based on the relative coordinator computer's time). The value in this field is a hypertext link and when selected launches a quick search to display the events generated today.
Events Total	Yes	Displays the number of events encountered since the agent was started. The value in this field is a hypertext link and when selected launches a quick search to display all events encountered since the agent was started.
Events Yesterday	No	Displays the number of events encountered between 12:00 a.m. yesterday and 12:00 a.m. of the current day (based on the relative coordinator computer's time). The value in this field is a hypertext link and when selected launches a quick search to display the events generated yesterday.
Exchange	No	For agents hosting Exchange, this column indicates whether Exchange Mailbox auditing or Exchange Mailbox protection has been defined.
Exchange Server	No	Indicates whether the server is an Exchange Server.
Exclude Account	No	Indicates whether an Excluded Accounts Auditing template has been assigned to the agent’s configuration.
File System	No	Indicates whether a File System Auditing template or File System Protection template has been assigned to the agent’s configuration.
Forest	No	Displays the name of the forest where the agent resides.
Group Policy	No	Indicates whether Group Policy protection has been defined.
IP Address	No	Displays the IP address of the agent.
Last Update	Yes	Displays the date and time when the agent configuration was last updated.
Load	Yes	Displays the load status of the agent service in regards to processing events. Valid entries are: • Normal - agent service is running and processing events as expected • Medium - agent service has more than 100 events waiting • Critical - agent service has reached a critical load and events may be missed • Unknown - agent service is inactive; therefore, the load is unknown
NetApp	No	Indicates whether an agent is assigned to a NetApp Auditing template to capture NetApp filer events.
Registry	No	Indicates whether a Registry Auditing template has been assigned to the agent’s configuration.
Service	No	Displays whether a Service Auditing template has been assigned to the agent’s configuration.
SharePoint	No	Indicates whether an agent is assigned to a SharePoint Auditing template to capture SharePoint events.
SQL	No	Indicates whether a SQL Auditing template has been assigned to the agent’s configuration.
Startup Time	No	Displays the date and time when the agent was last initialized.
Status	Yes	Displays the current status of the agent: • active • inactive • uninstalled
Type	No	Displays the agent platform: • Domain Controller • Global Catalog • Server • Workstation
Uptime	Yes	Displays how long the agent has been running.
Version	No	Displays the version number of the agent currently deployed.
Workstation	No	Indicates whether this is a workstation agent.

In addition to selecting the fields to display, you can use the drop-down controls to define what servers/workstations are to be included on the Agent Statistics page.

The following table describes how to use these controls to filter the content displayed on the Agent Statistics page.

 

Table 2. Agent Statistics page: Filter controls

Control	Description
Type	Use the left-most control to specify the type of objects to be included in the display: • All - select to view all agented servers and workstations (default) • DCs - select to view agented domain controller servers • Servers - select to view agented servers regardless of domain membership • Workstations - select to view agented workstations (including workstations joined to the domain and workstation agents manually installed on non-Active Directory computers)
Active Directory view	By default, the Agent Statistics page provides a forest view of the servers found. However, you can use the right-most controls to limit your view to an individual domain or site. Use the middle control to select the Active Directory view (forest, domain or site) then use the right-most control to select an individual forest, domain or site for which servers are to be displayed.