Audited Windows servers
The systems being monitored are displayed in the “Audited servers” page, accessible from the main hub. Each tile shows the name of the target machine, the number of audited paths and the audit status.
Upon clicking a tile, additional details relating to this audited server will open in a popup. This popup allows you to:
- Enable/disable the audit of the server.
- Check the Microsoft Object audit status.
- Revoke the server.
Disabling the server audit
You can disable the audit on a select server by clicking on the switch button “Active Audit”. However, the audit configuration (audited paths, alerts) is not removed.
When the audit is disabled, the access events are not inserted in the database and the concerned alerts stop working.
Revoking/deleting a server
You can remove a server from FileAudit by clicking the ‘Revoke server’ button and confirming this command.
Take note that deleting a monitored server will remove the server audit and delete all events associated in the database. You also have the choice to remove the audited path configuration.