Repository Indexing Tool
Repository indexing implicitly uses the IndexingTool.exe utility. This utility can also be used directly from the command line. The following requirements apply to all computers where IndexingTool.exe is launched, whether explicitly or automatically.
Architecture |
|
Operating System |
Any of the following:
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
- Microsoft Windows 10
|
Additional Software and Services |
Microsoft Visual C++ Redistributable, provided in the Redist folder of your InTrust distribution |
Other Requirements |
InTrust agents that perform indexing must be deployed in the same domain as the index-managing InTrust server. |
Supported Platforms
Microsoft Windows Events
InTrust provides auditing and real-time monitoring facilities for the following logs in Windows event log format:
- Windows Security Log
- Windows System Log
- Windows Application Log
- Categorized event logs in the Application and Services Logs container
- Windows Directory Service Log
- Windows DNS Server Log
- Windows File Replication Service Log
- Active Roles Server Log (EDM Server Event Log)
- InTrust for MIIS Log
- InTrust Server Log
- Custom data source of "Windows Event Log" type
Server side:
Processed computer:
Architecture |
|
Operating System |
Any of the following:
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
- Microsoft Windows 10
|
IMPORTANT: Support for the more recent Windows versions is provided with some limitations concerning events that have the same event ID but multiple variants. For details, see the description of known issue IN-7007. |
Additional Software and Services |
- For data gathering without agents: Remote Registry Service
|
Rights and permissions for gathering without agents:
- Access this computer from the network right.
- Deny access to this computer from network right must be disabled.
- Manage auditing and security log right to gather events from the Security log; members of the local Administrators group have this right by default.
- Starting with Windows Server 2016, the Network access: Remotely accessible registry paths and sub-paths policy must be enabled, and the following registry paths must be added to it:
- Software\Microsoft\Windows NT\CurrentVersion
- System\CurrentControlSet\Services\EventLog
- System\CurrentControlSet\Control\TimeZoneInformation
- Starting with Windows Server 2016, to make the Security log accessible for gathering using a specific account, this account must have the Read permission on the HKLM\CurrentControlSet\Services\EventLog\Security registry key.
- Starting with Windows Vista, if the Windows firewall is enabled, the "Remote Event Log Management" exception should be added to its configuration. Otherwise, the Category field is not resolved in the gathered events.
- To clear logs after gathering: membership in the local Administrators group and an open Admin$ share.
- To permit agentless gathering of logs in the Application and Services Logs container, enable Remote Event Log Management in the list of allowed programs and features in Windows Firewall configuration.
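The following read-only check covers three of the agentless-gathering prerequisites listed above: the Remote Registry service, the remotely accessible registry paths, and the Remote Event Log Management firewall exception. It is an added example, not part of the InTrust documentation or tooling, and is meant to be run locally on the processed computer in an elevated session. The function name Test-AgentlessPrerequisites is hypothetical; the registry location of the policy and the English firewall group name are not taken from this page.

```powershell
# Added example: verify agentless-gathering prerequisites without changing anything.

# Registry paths this page requires in the policy
# "Network access: Remotely accessible registry paths and sub-paths".
$requiredPaths = @(
    'Software\Microsoft\Windows NT\CurrentVersion',
    'System\CurrentControlSet\Services\EventLog',
    'System\CurrentControlSet\Control\TimeZoneInformation'
)

function Test-AgentlessPrerequisites {   # hypothetical name
    $results = [ordered]@{}

    # Remote Registry Service must be running for gathering without agents.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    $results['RemoteRegistryRunning'] = ($null -ne $svc -and $svc.Status -eq 'Running')

    # Windows stores the policy as the multi-string value "Machine" under
    # this key (location not stated on the page).
    $policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths'
    $allowed = @((Get-ItemProperty -Path $policyKey -Name Machine -ErrorAction SilentlyContinue).Machine)

    # -notcontains compares case-insensitively, matching registry path semantics.
    $results['MissingRegistryPaths'] = @($requiredPaths | Where-Object { $allowed -notcontains $_ })

    # Only relevant when Windows Firewall is enabled. The display group name
    # is the English one and is localized on other systems (assumption).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $results['EventLogFirewallRulesEnabled'] = ($rules.Count -gt 0)

    [pscustomobject]$results
}

Test-AgentlessPrerequisites | Format-List
```

An empty MissingRegistryPaths list together with True for the other two properties means these three prerequisites are met; user rights assignments and registry key permissions still need to be reviewed separately.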
Rights and permissions for gathering with agents and real-time monitoring:
The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:
- Manage auditing and security log right is required to gather events from the Security event log.
Microsoft IIS Events
Server side:
- InTrust Server
- The IIS 6 Metabase Compatibility role service (Management Tools | IIS 6 Management Compatibility | IIS 6 Metabase Compatibility in the IIS role service tree) must be installed
Processed computer:
Architecture |
|
Microsoft Internet Information Services |
|
Additional Software and Services |
- For data gathering without agents: Remote Registry Service
- For executing response action scripts: Microsoft Windows Script Host 5.6 or later
- The IIS 6 Metabase Compatibility role service (Management Tools | IIS 6 Management Compatibility | IIS 6 Metabase Compatibility in the IIS role service tree) must be installed
|
|
Notes:
- Monitoring of IIS FTP logs is not supported; gathering of IIS FTP logs with the Create agent-side audit log backup option turned on is not supported.
- For real-time monitoring to work, on 64-bit Windows, IIS must be running in 32-bit mode.
- For gathering to work, IIS logging must be done on a per-site basis, meaning that the One log per option must be set to Site (instead of Server) in IIS Manager.
|
Rights and permissions for data gathering without agents:
- Access this computer from the network right
- Deny access to this computer from network right must be disabled
- Membership in the local Administrators group
- Membership in the local Site Operators group
- Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key
- Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language registry key
- Read and List Folder Contents permissions on log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for data gathering with agents:
The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:
- Membership in the local Site Operators group
- Read permission to the HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key
- Read and List Folder Contents permissions to log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for real-time monitoring:
The InTrust agent account must have the following privilege if the agent is not running under the LocalSystem account:
- Membership in the Site Operators group