The latest version of Change Auditor can be integrated with Splunk, QRadar and ArcSight to forward events directly from Change Auditor. Please see the relevant section in the Change Auditor SIEM Integration Guide for more information on how to configure the integration for each of the supported SIEM products:
For any other SIEM product that is not supported for direct forwarding/integration, administrators can enable Event Logging on the Change Auditor agents to write Change Auditor audited events locally to a Windows event log. This Windows event log can then be collected by the SIEM product.
Please refer to the Change Auditor User Guide for enabling Event Logging on Change Auditor agents, or to Knowledge Article 84260: https://support.quest.com/change-auditor/kb/84260/how-to-enable-event-logging-within-changeauditor
The event logs that Change Auditor writes to are located on the agent server in "Windows Event Viewer | Applications and Services Logs". The log file names vary depending on the module that was enabled for logging. Below is a list:
In addition, if InTrust is available in the environment, the Change Auditor event logs can be gathered into a central repository, which can then be forwarded to the SIEM.
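
A check an administrator could run on the agent server before pointing a SIEM collector at these logs, as an added example that is not from Quest's documentation. The log name pattern is a placeholder to be filled in from Event Viewer, and the 24-hour staleness and 90% fill thresholds are assumptions.

```powershell
# Added example: health check for the Windows event logs that the
# Change Auditor agent writes to. Run on the agent server.
param(
    # Placeholder: a log name (wildcards allowed) exactly as it appears under
    # "Applications and Services Logs" in Event Viewer.
    [Parameter(Mandatory)] [string] $LogNamePattern,
    # Assumption: flag a log that has received no event for this many hours.
    [int] $StaleHours = 24,
    # Assumption: flag a circular log once it is this full (fraction of max size).
    [double] $FillThreshold = 0.9
)

$logs = Get-WinEvent -ListLog $LogNamePattern -ErrorAction SilentlyContinue
if (-not $logs) {
    Write-Warning "No event log matches '$LogNamePattern'. Event Logging may not be enabled on this agent."
    return
}

foreach ($log in $logs) {
    $issues = @()

    if (-not $log.IsEnabled) {
        $issues += 'log is disabled'
    }
    if (-not $log.RecordCount) {
        $issues += 'log is empty'
    }
    elseif ($log.LastWriteTime -lt (Get-Date).AddHours(-$StaleHours)) {
        $issues += "no writes in the last $StaleHours hours"
    }
    # A circular log overwrites its oldest records when full, so events can be
    # lost if the SIEM collector falls behind or is offline.
    if ($log.LogMode -eq 'Circular' -and
        $log.FileSize -ge $FillThreshold * $log.MaximumSizeInBytes) {
        $issues += 'circular log near maximum size, oldest events may be overwritten before collection'
    }

    [pscustomobject]@{
        LogName       = $log.LogName
        Enabled       = $log.IsEnabled
        Records       = $log.RecordCount
        LastWrite     = $log.LastWriteTime
        SizeMB        = [math]::Round($log.FileSize / 1MB, 1)
        MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        Mode          = $log.LogMode
        Issues        = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}
```

Any row with an entry under `Issues` is worth resolving before relying on the SIEM for these events, since a disabled, empty or overwritten log leaves a gap in the audit trail.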