1 |
2 |
Select Registry (under the Server heading in the Auditing task list) to open the Registry Auditing page. |
3 |
Click Add to start the Registry Auditing wizard which will step you through the process of creating a Registry Auditing template. |
• |
Selecting the Browse | Local Registry option displays the Select registry key dialog allowing you to select a registry key from the local server. |
• |
Selecting the Browse | Remote Registry option displays the Select Active Directory Object dialog allowing you to select the server whose registry you would like to browse. Use the Browse or Search pages to locate and select the server. On the Select registry key dialog select the registry key to be audited. |
7 |
In the Scope cell, use the drop-down menu to select the scope of coverage: |
NOTE: Selecting the Key Events or Value Events check box at the top of the events list on the Events tab will select all of the events listed under the heading. Similarly, clearing the check boxes will clear all of the selected events. |
9 |
If you selected the This object and child objects only option in the Scope cell, you can also specify a specific value for the selected key. To audit a specific value, open the Value tab and enter the value in the text box provided. |
• |
Selecting Browse | Local Registry displays the Select registry key dialog allowing you to select a sub key from the local server. |
• |
Selecting Browse | Remote Registry displays the Select Active Directory Object dialog allowing you to select the server whose registry you would like to browse. Use the browse or search pages to locate and select the server. From the Select registry key dialog, select the sub key to be excluded. |
12 |
To create the template and assign it to an agent configuration, expand Finish and click Finish and Assign to Agent Configuration. |
NOTE: On the Auditing page, you can also use the Assign tool bar button to assign the selected template to an agent configuration. Clicking this button will display the Configuration Setup dialog allowing you to select the agent configuration to which this template is to be assigned. |
13 |
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents use the latest configuration. |
• |
3 |
Once you have made your modifications, click Finish or expand Finish and click Finish and Assign to Agent Configuration. |
1 |
On the Auditing page, place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu. |
1 |
On the Registry Auditing page, place your cursor in the Status cell for the registry key to be disabled, click the arrow control and select Disabled from the drop-down menu |
2 |
To re-enable the auditing of a registry key, use the Enable option in either the Status cell or right-click menu. |
1 |
On the Auditing page, select the template to delete and click Delete | Delete Template. |
1 |
On the Registry Auditing page, select the registry key to delete and click Delete | Delete Registry Key |
The Registry Auditing wizard displays when you click Add on the Registry Auditing page. From this wizard, select the registry key to be audited as well as the events to be audited.
Enter a descriptive name for the Registry Auditing template being created. | |||||||||||
Expand the browse button to browse for and select a registry key:
| |||||||||||
The list box located across the middle of the page displays the registry keys to be included in the Registry Auditing template. Use the Add and Remove buttons to control the contents of this list:
Use the drop-down box in the Scope cell of the list box to specify the scope of coverage:
| |||||||||||
Select the Key events to audit. Select the Key Events check box to select all of the Key events listed or select individual events from the list. | |||||||||||
Select the Value events to audit. Select the Value Events check box to select all of the Value events listed or select individual events from the list. | |||||||||||
If you selected the This object and child objects only option in the Scope cell, this additional tab will be displayed allowing you to enter a specific value to be audited for the selected key. | |||||||||||
Use the Exclusions tab to exclude sub keys in the selected registry key from being audited. | |||||||||||
To exclude a sub key in the selected registry key from being audited, expand the browse button and select one of the browse options to browse either the local or remote server for the sub key. Once you have specified a sub key for exclusion, click the Add button to add it to the Excluded Keys list at the bottom of the page. | |||||||||||
Expand the browse button and select one of the following options:
| |||||||||||
The list across the bottom of this page contains the sub keys that are to be excluded from auditing. Use the Add and Remove buttons to add and remove entries.
|
To capture service events, you must first define the services to audit:
1 |
2 |
3 |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center