Alert Me

The 'Alert Me' feature notifies you about the working status of various functionalities.

ENABLING THE PAGE

To enable the settings in this page, enter a valid e-mail id in the configuration box.

Note: Please make sure that you have configured mail server settings.

CONFIGURING THE PAGE

On this page, the settings are grouped into three categories:

  1. Status Alerts
  2. Failure Alerts
  3. Service Monitor

Status Alerts

By enabling this category of alerts, you can regularly monitor the status of the following:

  1. Event Collection Status - This is a domain-based alert that relays the status of events collected across all configured objects, i.e., it shows when events were last collected, the read time stamp, and the status of each object.
  2. Current audit policy configuration - This alert tells you the status of the audit policy configuration.
  3. Database and installation folder size - This alert gives precise details of the space occupied by the database and the installation location, i.e., the space occupied by each sub-folder in the installation location, the drive size, and the space occupied per category. It is helpful when disk usage is high and optimization is required.
  4. Cloud directory event collection status - This alert relays the status of events collected from Cloud Active Directory.
  5. Audit data disk usage - This alert relays the amount of disk space that can be saved by archiving each report category of ADAP.
  6. SIEM forwarding status - This alert conveys whether log forwarding was successful at the time of alerting.
  7. File shares lacking required SACL settings - If file auditing has been configured, this alert gives you the list of shares for which SACL hasn't been configured.

Note:  

  • The configured reports will be sent to the configured mail address as an .xlsx file, with the reports separated into sheets.
  • This is a scheduled alert, sent once every 6, 12, or 24 hours.

Failure Alerts

This category acts as a fail-safe. If an event disrupts the proper functioning of ADAP, you will be notified immediately so that the necessary action can be taken to restore normal operation. The events are:

  1. Event collection failure - A machine failure is said to occur when ADAuditPlus is not able to receive event data from the respective machine. If this happens, the whole purpose of monitoring the machine is defeated. Here, you can select the category of objects (Domain Server, File Server, Workgroup, etc.) and the threshold of failure tolerance, and you will be alerted via e-mail accordingly.
    • Note: The threshold value applies to an individual machine (DomainServer1, Workgroup3, etc.) where the failure has occurred, and not to the category.
  2. EMC Isilon data collection failure - If you have configured an Isilon cluster, Syslog listening is of utmost importance. Hence, you will be alerted when Syslog listening fails.
  3. SIEM forwarding failure - This alert is sent when SIEM forwarding is unsuccessful. If the failure continues over a period of time, SIEM forwarding is automatically disabled and an alert is sent for that as well.
  4. License Expiry - This alert is sent if your license is due to expire within 20 days.
  5. Free space in the drive goes below - Optimizing disk space is necessary for the proper functioning of your machine. If your disk has less free space than the threshold you specify, you will be sent an alert mail.

Service Monitor

This category checks whether ADAuditPlus is up and running. It does so by creating a scheduled task named “ADAuditServiceCheck” on the installation machine. This scheduled task checks the service at an interval of 1 hour and sends an e-mail if the service is not running.

Note: Clicking on the 'Regenerate' button will delete the existing scheduled task and create a new one.
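
To confirm independently that the “ADAuditServiceCheck” task described above still exists, is enabled and has run recently, a check such as the following can be run in PowerShell on the installation machine. This is an added example, not part of the product or its documentation; the function name Test-ServiceCheckTask and the two-hour staleness window are assumptions.

```powershell
# Added example: health check for the "ADAuditServiceCheck" scheduled task.
# The task name comes from this page. The function name and the 2-hour
# staleness window (hourly task plus slack) are assumptions for illustration.
function Test-ServiceCheckTask {
    [CmdletBinding()]
    param(
        [string]$TaskName = 'ADAuditServiceCheck',
        [timespan]$MaxAge = (New-TimeSpan -Hours 2)
    )

    # A missing task means nothing is watching the service any more.
    $tasks = @(Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)
    if ($tasks.Count -eq 0) {
        return [pscustomobject]@{
            TaskName = $TaskName; Healthy = $false; Findings = 'Task not found'
        }
    }

    foreach ($t in $tasks) {
        $info = $t | Get-ScheduledTaskInfo
        $findings = @()

        if ($t.State -eq 'Disabled') { $findings += 'Task is disabled' }

        # Covers both "never ran" and "has not run within the window".
        if (-not $info.LastRunTime -or ((Get-Date) - $info.LastRunTime) -gt $MaxAge) {
            $findings += "No run within $MaxAge (last run: $($info.LastRunTime))"
        }

        # 0 = success, 0x41301 = task is currently running.
        if ($info.LastTaskResult -notin 0, 0x41301) {
            $findings += ('Last result 0x{0:X}' -f $info.LastTaskResult)
        }

        [pscustomobject]@{
            TaskName    = "$($t.TaskPath)$($t.TaskName)"
            State       = $t.State
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
            Repetition  = ($t.Triggers.Repetition.Interval -join ', ')
            Action      = ($t.Actions.Execute -join ', ')   # what the task runs
            Healthy     = ($findings.Count -eq 0)
            Findings    = ($findings -join '; ')
        }
    }
}

Test-ServiceCheckTask | Format-List
```

If the task is reported as not found or disabled, the 'Regenerate' button recreates it.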
