立即与支持人员聊天
与支持团队交流

Change Auditor 7.4 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Deployment Options Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Windows Installer Command Line Options

Agent behavior notes

Agent connection behavior

When an agent comes online, it queries the Active Directory Catalog (GC) for a list of all coordinator SCPs within its same installation to determine which to connect to.

When there are available coordinators within the agent’s site, the agent connects to all coordinators in the site. When there are no coordinators running within the agent’s site, the agent connects to any online coordinator. However, when coordinators within the site come back online, the agent switches to connect to just the coordinators within the same site and drop nonsite coordinator connections. If this behavior is problematic for your environment, contact Quest Technical Support to discuss possible configuration options.

The connection behavior after these initial steps depends on the type of agent:
Change Auditor server agents: Starting with Change Auditor 6.0, server agents submit events to all coordinators in the site and load balancing occurs automatically. All connected coordinators can then participate in receiving events from the server agent, allowing a high volume of events to be distributed for processing.
Change Auditor workstation agents: The workstation agents randomly connect to a single coordinator. This enables ‘scaling out’ options for large workstation agent deployments within a single site.
* 
NOTE: A maximum of 10,000 agents (server and workstation) can connect to a single coordinator. If this connection limit is problematic for your environment, contact Quest Technical Support to discuss possible configuration options.
Incompatibility with Symantec Backup Exec CPS agent

Junction point creation may fail on a server where both a Symantec™ Backup Exec™ CPS agent and a Change Auditor agent are running. To resolve the problem, upgrade the CPS agent to 12.5 or later.

Client notes

Disabled audit events

Some events are disabled by default to improve the initial deployment process and reduce the amount of audited event information initially collected. These audited events can easily be enabled on the Audited Events page of the Administration Tasks tab.

See the appropriate Event Reference Guide for a list of the events that are disabled by default.

Enabling encrypted SQL Server connections

By default, connections to a SQL Server are not encrypted; however to encrypt all data transmitted between an application computer and a computer running a SQL Server instance, you can use the Secure Sockets Layer (SSL). For more details on configuring client network protocols, see the following Microsoft article: http://msdn2.microsoft.com/en-us/library/ms190425.aspx

ADAM (AD LDS) auditing

Monitoring ADAM (AD LDS) instances on workgroup servers

Run the appropriate Change Auditor Agent.msi file on the workgroup server to install an agent to monitor ADAM (AD LDS) instances on nondomain servers. See Install an agent to audit ADAM (AD LDS) on workgroup servers for more information.

Change Auditor for SQL Server — SQL auditing

Auditing events on SQL Server

Due to a Microsoft hotfix, agents do not capture SQL-related events unless the following action is taken on the SQL Server:
Using SQL Server Configuration Manager, add a startup parameter called ‘-T1906’ on the Startup Parameters tab in the SQL Server Properties dialog.
Restart the SQL Server service.
SQL Server auditing for Itanium platform — Not supported

Auditing of SQL Servers running on Itanium platforms is not supported.

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级