FileAudit Documentation
FileAudit Documentation
You are here: Reference > Audit > Windows audit > Audited servers

Audited Windows servers

The systems being monitored are displayed in the “Audited servers” page, accessible from the main hub. Each tile shows the name of the target machine, the number of audited paths and the audit status.

Upon clicking a tile, additional details relating to this audited server will open in a popup. This popup allows you to:

  • Enable/disable the audit of the server.
  • Check the Microsoft Object audit status.
  • Revoke the server.

Disabling the server audit

You can disable the audit on a select server by clicking on the switch button “Active Audit”. However, the audit configuration (audited paths, alerts) is not removed.

When the audit is disabled, the access events are not inserted in the database and the concerned alerts stop working.

Revoking/deleting a server

You can remove a server from FileAudit by clicking the ‘Revoke server’ button and confirming this command.

Take note that deleting a monitored server will remove the server audit and delete all events associated in the database. You also have the choice to remove the audited path configuration.