Server Audit Reports

 

This reporting module provides audit information on all the Member Servers that are configured in ADAudit Plus. ADAudit Plus will provide audit report on Servers - which include Domain Controllers and other Member Servers. To audit Member Servers ensure that corresponding audit policy is configured for the Domain Controllers and Member Servers.

 

In addition to configuring "Audit Logon Events" - Success / Failure for the Local Policy of a Server.

 

The following Audit Policies are to be configured

  1. Audit Policy Change - Success / Failure.

  2. Audit Process Tracking - Success.

  3. Audit System Events - Success / Failure.

for all configured Servers that audit data is to be collected. Steps to configure Audit Policy for Member Servers.

 

What actions are audited on Member Servers?

  1. When a process starts or exits.                              

  2. When an Audit Policy is changed.

  3. When User Rights Assigned / Removed for users.

  4. When User Rights Assigned / Removed for groups.

  5. When Security Access Assigned / Removed for users.

  6. When  Security Access Assigned / Removed for groups

  7. When the System time is changed.

  8. When a Scheduled Task is Created/Modified/Deleted

  9. When a local Account is Changed (Local Account Management - Users/Groups)

 

Pre-configured Audit Reports for Server Audit   

Summary Report

 

This report provides the summary of all audit actions on a member server. All actions are listed in the sequence they are recorded.

 

To view a Summary of all actions on a Member Server

  1. Click on the 'Reports' Tab -->> Server Audit Reports  -->> Summary Report

  2. Select the Domain

  3. Select the Server (s) by clicking on the Add button.

  4. Select the Period.

  5. This list all the audit actions that are recorded in the server.

A bar graph is displayed. Each bar denotes an audit action on the server (What actions are audited on Member Servers?). The size of the bar shows the number of events. Click on the bar graph to filter and view desired audit change on the Member Servers.

 

Member Server Changes

 

This report lists all the changes on a Member Server. Each of the change is listed under separate tabs. There are 5 tabs to show audit actions on a selected Server. Toggle between tabs to view changes for the selected Server (s).

 

The Tabs shown by ADAudit Plus and the actions reported under each tab.

 

Tab Name

Audit Actions reported under the Tab

Process Tracking

Lists audit data on any process started or exited for selected Server (s).

Policy Changes

Lists Audit Policy changes in the selected Server (s).

System Events

Lists audit data for all System Time changes on selected Server (s).

Object Management

Lists all object management events and the corresponding audit information recorded in the security log of the Server. Local Account Changes, Disabled, Enabled, Locked out etc.,

Scheduled Task

List all additions, deletions or modifications of Scheduled tasks on a Server.

 

To view an Audit Report on Member Server Changes

  1. Click on the 'Reports' Tab -->> Server Audit Reports -->> Member Server Changes

  2. Select the Domain

  3. Select the Server (s)

  4. Select the Period

  5. Select the Tab to view desired audit action on the selected Server(s).

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link