立即与支持人员聊天

获得即时帮助
完成注册

登录

请求定价

联系销售人员

Change Auditor 7.4 - User Guide

Change Auditor Overview

Available Change Auditor auditing modules

Agent Deployment

Deployment page Using group Managed Service Accounts (gMSA) Deploy agents Connect to a different foreign forest/update credentials Change the agent installation location and system tray option Enable auto deployment Refresh or clear Deployment page information

Change Auditor Client Overview

Starting the Change Auditor client Accessing Change Auditor news and updates Managing connection profiles

Connection wizard

Client components Customize table content

Sort data Resize or move columns Add or remove columns Group data

Using custom filters

Directory object picker

Overview My Favorite Search Define a favorite search Overview panes

Top Agent Activity Recent Event Activity Count of Events By Agent Status Coordinator Status

Event Details pane

Introduction Searches page

Explorer view Searches list Search Properties tabs

View a list of available searches Run searches Run a quick search

Search Results and Event Details

Introduction Search Results page

Search Results grid Search Properties tabs Event Details pane

View search results

Display results in different formats

Preview search results Compare results side-by-side View event details or search properties Copy event details Email event details Add comments View user context and run related searches Protect critical objects, mailboxes, files and folders Add search properties to existing event queries

Custom Searches and Search Properties

Introduction Create a custom search Search Properties tabs

Info tab Who tab What tab Where tab When tab Origin tab Alert tab Report tab Layout tab SQL tab XML tab

Enable Alert Notifications

Introduction Alert tab (Search Properties tabs) Enable alerts Disable alerts Alert History page View alert history View event details or alert properties

Administration Tasks

Administration Tasks tab Administration Task lists Export/import Administration Task settings

Agent Configurations

Introduction Agent Configuration page Define agent configurations Assign agent configurations to server agents Enable event logging

Coordinator Configuration

Coordinator Configuration page Configure email alert notifications/reports Customize alert email content Shared Folder Configuration Group Membership Expansion Add groups to Group Membership Expansion list Agent Heartbeat Check Disconnect client after 30 minutes of inactivity Scheduled Task Handling

Purging and Archiving your Change Auditor Database

Introduction Planning your jobs Purge and Archive page Create and maintain jobs Purge and Archive wizard Purge selected records

Disable Private Alerts and Reports

Introduction Private Alerts and Reports page Disable private alerts and reports

Generate and Schedule Reports

Schedule reports for distribution

Create global report template Define report content and layout Enable and schedule reporting

Launch Report Designer Publish reports Print or save a page's contents

SQL Reporting Services Configuration

Introduction SQL Reporting Services Page SQL Reporting Services Templates SQL Reporting Services Wizard

Change Auditor User Interface Authorization

Introduction Application User Interface Authorization page Add task definition Add role definition Add application group Remove a task definition

Client Authentication

Introduction Client Authentication Page

Changing authentication methods

Certificate authentication for client coordinator communication

Installation settings Deployment Coordinator configuration Windows client configuration

Integrating with On Demand Audit

Managing a Quest On Demand Audit integration

Creating an On Demand Audit configuration Working with an On Demand Audit configuration

Enable/Disable Event Auditing

Introduction Audit Events page Enable/disable event auditing Modify event's severity level or event class description Define events to be captured based on results View event information

Account Exclusion

Introduction Excluded Accounts Auditing page Excluded Accounts templates Excluded Accounts wizard

Registry Auditing

Introduction Registry Auditing page Registry Auditing templates Registry Auditing wizard

Service Auditing

Introduction Services Auditing page Service Auditing templates Service Auditing wizard

Agent Statistics and Logs

Introduction Agent Statistics page

Agent Statistics grid Resource Properties pane

Machine Info page Processors page Drives page Shares page Services page Exchange Mailboxes page

Agent system tray icon

Change Auditor Agent Status dialog

View agent status/statistics Manage Change Auditor agents Agent Log page View and save agent trace logs

Coordinator Statistics and Logs

Introduction Coordinator Statistics page Coordinator system tray icon

Change Auditor Coordinator Status dialog Coordinator Configuration tool

View coordinator status and statistics Manage Change Auditor coordinators Coordinator Log page View and save coordinator trace logs

Change Auditor Commands

Menu commands Tool bar buttons Right-click commands

Change Auditor Email Tags

Search Results and Event Details

•

•

Search Results page

•

View search results

•

Preview search results

•

Compare results side-by-side

•

View event details or search properties

•

Copy event details

•

Email event details

•

Copy event details

•

•

View user context and run related searches

•

Protect critical objects, mailboxes, files and folders

•

Add search properties to existing event queries

Introduction

Audit events are the changes captured by agents, reported to a coordinator, and then written to the database. These events can be retrieved and viewed through searches. When you run a search, Change Auditor searches the events in the database for the desired results. The results are then displayed in the Search Results page.

The terms ‘searches’ and ‘reports’ are used in conjunction to acquire the desired output. You run a 'search' and the results returned is a ‘report’.

Auditing and centralizing the collection of events is only one part of the total control and output required for enterprise security and compliance. It is equally important to be able to retrieve the real-time data and sort through it quickly and efficiently.

Search Results page

A new results page is created whenever a search is run. When a search is run, this page displays detailed information about the events found as a result of the search. This page consists of the following panes:

•

Search Results grid

•

Search Properties tabs or Event Details pane

Search Results grid

The Search Results grid displays the events captured as a result of running a search from the Searches page. The top area of the grid displays the following information:

Displays the date and time when the search was run.


	NOTE: Based on the client’s current local date and time. The format used to display this date and time is determined by the local machine’s regional and language setting.

Displays the amount of time it took to run the search.

Displays the total number of records returned.

Use the Refresh button to redisplay the latest information.

When a large number of records are being captured for display, the Refresh button will become a Cancel button allowing you to cancel the search.

By default, the grid contains the following information about the events returned when a search is run. (You can specify the columns, sort order and grouping for a search, as well as the display format by using the Layout search properties tab.)

Table 1. Search Results grid: Event information displayed by default

Displays what change was made to the object.

AD Failure Reason

Displays the reason for the Active Directory failed event.

AD Failure Status Code

Displays the failure code for the Active Directory failed event.

The coordinator that processed the event.

Displays the name of the domain to which the agented server belongs.

Displays the type of change that occurred.

Defines the event class facility to which the change event belongs.

Indicates whether the operation mentioned in the event was successfully completed. Valid states are:

•

Success - Indicates the operation occurred as stated in the event.

•

Protected - Indicates that the operation was prevented from occurring because the object is protected by the Change Auditor object locking feature.

•

Failed - indicates that the operation was prevented from occurring due to a factor/setting outside of Change Auditor’s control.

•

None - indicates that the operation occurred as stated, but no results were captured for the event. For example, this state is used for most of the internal Change Auditor events.

Displays the name of the server where the change occurred.

Displays the severity assigned to a configuration change event:

•

•

•

Displays the name of the site where the agented server resides.

Defines the subsystem, or area of auditing, where the change event occurred.

Displays the date and time when the agent captured the event.

NOTE: Based on the client’s current local date and time. The format used to display this date and time is determined by the local machine’s regional and language setting.

NOTE: For Azure Active Directory sign in events the time detected in the search results references the sign-in time.

Displays the name of the user who initiated the change.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款隐私 Cookie Preference Center