Notifications
ADAudit Plus' Notifications feature notifies you about the product's performance and alerts you to any failures or errors that require your attention. The notifications you receive can be grouped under three categories:
- Status Alerts
- Failure Alerts
- Service Monitor
To enable Notifications, in ADAudit Plus web console, go to the Admin tab > Administration > Notifications, configure the mail server settings first and then enter a valid email ID to start receiving the alerts.
Status Alerts
Enable this category to receive notifications about the status of critical background operations that ensure ADAudit Plus functions properly:
- Event collection status: A domain-based notification that provides insights into event collection for all configured computers, including status, fetch intervals, and fetch mode.
- Current audit policy configuration: A domain-based notification that summarizes the audit policies configured within the domain, detailing enabled settings for each policy.
- Database and installation folder size: Notifies about the disk space usage by ADAudit Plus' installation folder, including the database, audit data, and alert data.
- Outdated agent in use: Notifies when an agent version becomes outdated.
- Audit data disk usage: Notifies about potential disk space that can be freed up by archiving audit data under each report category.
- SIEM forwarding status: Notifies about the status of log forwarding.
- File shares lacking required SACL settings: Lists shares without the necessary SACL configurations for file auditing.
Note:
- Email notifications containing the relevant information in the form of spreadsheets will be sent to the Email ID specified.
- All status alerts can be scheduled to run every six, 12, or 24 hours.
Failure Alerts
Enable this category, to receive notifications about errors or failures that may disrupt ADAudit Plus' functionality.
- Event collection failure (threshold-based): A configurable alert that lets you set a failure threshold for event collection from specific data sources. You can define threshold values for domain controllers, Windows servers, file servers, workstations, workgroup servers, and Azure AD tenants. Once the threshold is breached, an email notification is triggered.
- Event collection failure (time-based): Similar to the threshold-based alert, this configurable alert notifies you if event collection fails for a specified number of hours.
- EMC Isilon/Synology/QNAP data collection failure: Notifies you if syslog listening fails for a configured EMC Isilon/Synology/QNAP server, indicating a halt in data collection.
- SIEM forwarding failure: Triggers an email notification when log forwarding to a SIEM system fails.
- Service data collection failure: Alerts you to errors encountered while collecting service account auditing events via the scheduler.
- Size of Raw/Processed event data exceeds: A configurable alert that notifies you when the Raw or Processed folders exceed a defined storage threshold (in GB).
- License Expiry: Notifies when your license is set to expire within 20 days.
- Free space in the drive goes below: A configurable alert that notifies you when available disk space drops below a specified threshold (in MB).
- DataEngine down: A configurable alert that lets you set a frequency (in hours) for receiving notifications when the DataEngine service is down.
- Audit data scheduled for deletion: Notifies about the audit data that is scheduled for deletion based on your Archive settings.
- Audit data deleted: Confirms when audit data has been deleted as per your Archive settings.
Service Monitor
Enable this category to receive notification when the ADAudit Plus service stops running. Once enabled, a scheduled task called “ADAuditServiceCheck” is created on the machine where ADAudit Plus is installed. This scheduled task runs hourly, monitoring the service and triggering an email alert if it goes down.
Note: Use the Click Here to Regenerate button to delete the existing scheduled task and create a new one.
Don't see what you're looking for?
-
Visit our community
Post your questions in the forum.
-
Request additional resources
Send us your requirements.
-
Need implementation assistance?
Try OnboardPro