Management of audited servers
The systems being monitored are displayed to the right of the ‘Audited paths’ grid. Each tile shows the name of the target machine and its real-time status. Click on a tile to access detailed information relating to this audited server.
Upon clicking an ‘Audited server’ tile, the server panel will open on the right. This panel allows you to:
- Enable/disable real-time monitoring.
- Check the audit.
- Delete the server.
Real-time monitoring is enabled by default and FileAudit monitors the Microsoft security event log in real time.
You can choose to disable it by switching off this option and clicking ‘Validate’.
If real-time monitoring is disabled, the Microsoft security event log is scanned only when commanded by the Console (i.e. when a path on this server is entered in the File Access Viewer). In this case, access events are detected, displayed and saved in the database only when an audit query is run through the File Access Viewer. Events generated and overwritten by subsequent audit queries are permanently lost.
Check the audit
You can check the Microsoft Object audit configuration for the server. Click on ‘Check audit’ to display the status of the Microsoft Object audit: enabled/disabled.
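The same status can be cross-checked on the audited server itself. The following is an added example, not part of FileAudit or its documentation: it reads the Windows audit policy with `auditpol` and reports how far back the Security log currently reaches, which bounds what an on-demand scan can still find when real-time monitoring is disabled. It assumes an elevated PowerShell session and an English-language Windows installation (the subcategory name "File System" and the value "No Auditing" are localized); the function names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the audited server.
# Assumption: English Windows ("File System" / "No Auditing" are localized strings).

function Get-FileSystemAuditSetting {
    # /r makes auditpol emit CSV, which is more reliable to parse than its table output.
    $csv = auditpol.exe /get /subcategory:"File System" /r
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol failed (exit code $LASTEXITCODE). Is the session elevated?"
    }
    # Drop blank lines before parsing, then take the single data row.
    $row = $csv | Where-Object { $_ } | ConvertFrom-Csv | Select-Object -First 1
    [pscustomobject]@{
        Subcategory = $row.Subcategory
        Setting     = $row.'Inclusion Setting'      # e.g. "Success and Failure"
        Enabled     = $row.'Inclusion Setting' -ne 'No Auditing'
    }
}

function Get-SecurityLogWindow {
    $log    = Get-WinEvent -ListLog Security
    # Oldest record still present: anything older has already left the log.
    $oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
    [pscustomobject]@{
        LogMode      = $log.LogMode                 # Circular, AutoBackup or Retain
        MaxSizeMB    = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedPercent  = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
        OldestEvent  = $oldest.TimeCreated
        CoverageDays = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 2)
    }
}

$audit  = Get-FileSystemAuditSetting
$window = Get-SecurityLogWindow
$audit
$window

if (-not $audit.Enabled) {
    Write-Warning "File System object access auditing is off: no file access events are being logged."
}
if ($window.LogMode -eq 'Circular' -and $window.UsedPercent -ge 95) {
    Write-Warning ("Security log is full and wrapping; it currently covers about {0} day(s)." -f $window.CoverageDays)
}
```

If real-time monitoring is disabled, compare `CoverageDays` with the interval between audit queries; a coverage window shorter than that interval means events are leaving the log before they are collected.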
Delete the server
You can delete a server from FileAudit by clicking the ‘Delete’ button and confirming this command.
Note that deleting a monitored server disables the Microsoft Object audit local policy on that server only if the policy was enabled by FileAudit.