If Microsoft Active Directory is used as the source of information, you need to:

| Name | Description |
|---|---|
| Step 1. Configure the UserID agent settings for monitoring Microsoft AD. | The UserID agent parameters were discussed earlier. |
| Step 3. Configure the event source. | Configure Microsoft Active Directory as the source. See below for more information on the source settings. |

When AD servers are used as event sources, UserGate performs WMI queries to search for successful logon events (event ID 4624), Kerberos events (event IDs 4768, 4769, 4770) and group membership events (event ID 4627). The query frequency is defined by the UserID agent settings (the Polling interval parameter). The events found are displayed in Logs and reports, under Logs → Endpoint devices → Events.
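
If no events appear in the log, one thing to check is whether the domain controller is recording these event IDs at all. The script below is an added example, not part of the UserGate documentation: it counts the five event IDs in the DC's Security log and names the Windows audit policy subcategory that produces each one. The server name `dc01.example.local` is a placeholder, and the script only confirms that the events exist; it does not test the WMI access that UserGate itself uses.

```powershell
# Added example: verify that a domain controller is logging the event IDs
# that the AD event source looks for. Run from an account allowed to read
# the Security log on the DC.
param(
    [string]$Server  = 'dc01.example.local',  # placeholder DC name (assumption)
    [int]   $Minutes = 60                     # look-back window in minutes
)

# Event ID -> advanced audit policy subcategory that generates it
$expected = @(
    @{ Id = 4624; Subcategory = 'Logon' }
    @{ Id = 4627; Subcategory = 'Group Membership' }
    @{ Id = 4768; Subcategory = 'Kerberos Authentication Service' }
    @{ Id = 4769; Subcategory = 'Kerberos Service Ticket Operations' }
    @{ Id = 4770; Subcategory = 'Kerberos Service Ticket Operations' }
)

$filter = @{
    LogName   = 'Security'
    Id        = [int[]]($expected | ForEach-Object { $_.Id })
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}

# Get-WinEvent reports an error both when nothing matches and when access is
# denied, so collect the errors and show them instead of hiding them.
$events = @(Get-WinEvent -ComputerName $Server -FilterHashtable $filter `
                -ErrorAction SilentlyContinue -ErrorVariable queryErrors)
$queryErrors | ForEach-Object { Write-Warning $_.Exception.Message }

# Count the events found per event ID
$counts = @{}
$events | Group-Object Id | ForEach-Object { $counts[[int]$_.Name] = $_.Count }

foreach ($entry in $expected) {
    $n = if ($counts.ContainsKey($entry.Id)) { $counts[$entry.Id] } else { 0 }
    [pscustomobject]@{
        EventId     = $entry.Id
        Count       = $n
        Subcategory = $entry.Subcategory
        Status      = if ($n -gt 0) { 'seen' } else { 'missing: check audit policy' }
    }
}
```

An ID reported as missing over a window in which users did log on usually means the listed subcategory is not audited for success; `auditpol /get /category:*` on the DC shows the current settings.
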
When adding an event source of Microsoft Active Directory type, you need to specify the following:

| Name | Description |
|---|---|
| Enabled | Enable/disable receiving logs from the source. |
| Name | The source name. |
| Description | An optional description of the source. |
| Server address | Microsoft Active Directory address. |
| Protocol | AD access protocol (WMI). |
| Name | The username for connecting to AD. |

Custom report templates section, click Add, and provide these settings: