Go Up
You are here: AdministrationAdditional configurationExclude objects from monitoring scope with omit listsLogon Activity Monitoring Scope

Exclude Data from Logon Activity Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the Logon Activity monitoring scope.

To exclude data from the Logon Activity monitoring scope

  1. Navigate to %ProgramData%\Netwrix Auditor\NLA\Settings\ folder and locate your monitoring plan.

    NOTE: If you have several monitoring plans for monitoring Logon Activity, configure omitlist for each monitoring plan separately.

  2. Edit the Settings.cfg file based on the following guidelines:

    • Each entry must be a separate line.
    • Wildcards (* and ?) are supported. A backslash (\) must be put in front of (*) and (?) if they are a part of an entry value.
    • Lines that start with <!-- are treated as comments and are ignored.
    Configuration String Description Syntax

    <n n="DCOmitList">

    Contains a list of DCs to be excluded from being monitored.


    For example:

    <v v= "*ROOTDC1*"/>

    <n n="Hubs">

    Determines whether to enable network traffic compression for a Domain Controller or not.

    NOTE: If configured, overrides the Enable network traffic compression option in monitoring plan configuration.

    <n n="localhost">
    <a n="DCWithCompressionService" t="258">
    <v v="DomainControllerNameInFQDNFormat1"/>
    <a n="DCWithoutCompressionService" t="258">
    <v v="DomainControllerNameInFQDNFormat2"/>
    <a n="DataCollectionIntervalInSeconds" v="0"/>
    <n n="UserOmitList">
    <a n="Names">

    Contains a list of users to be excluded from being monitored. Allows specifying a user by name.

    User name

    For example:

    <v v="*NT AUTHORITY*"/>

    <a n="SIDs">

    Contains a list of users to be excluded from being monitored. Allows specifying a user by security identifier (SID).

    User SID

    For example:

    <v v="*S-1-5-21-1180699209

    NOTE: The file must be formatted in accordance with XML standard. The following symbols must be replaced with corresponding XML entities: & (ampersand), " (double quotes), ' (single quotes), < (less than), and > (greater than) symbols.

    Symbol XML entity


    e.g., Ally & Sons


    e.g., Ally &amp; Sons


    e.g., Domain1\Users\"Stars"


    e.g., Domain1\Users\&quot;Stars&quot;


    e.g., Domain1\Users\O'Hara


    e.g., Domain1\Users\O&apos;Hara


    e.g., CompanyDC<100


    e.g., CompanyDC&lt;100


    e.g., ID>500


    e.g., ID&gt;500

Go Up