Go Up
You are here: AdministrationAdditional ConfigurationExclude Objects from Monitoring ScopeLogon Activity Monitoring Scope

Exclude Data from Logon Activity Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the Logon Activity monitoring scope.

To exclude data from the Logon Activity monitoring scope

  1. Navigate to %ProgramData%\Netwrix Auditor\NLA\Settings\ folder and locate your monitoring plan.

    NOTE: If you have several monitoring plans for monitoring Logon Activity, configure omitlist for each monitoring plan separately.

  2. Edit the Settings.cfg file based on the following guidelines:

    • Each entry must be a separate line.
    • Wildcards (* and ?) are supported. A backslash (\) must be put in front of (*) and (?) if they are a part of an entry value.
    • Lines that start with <!-- are treated as comments and are ignored.
    Configuration String Description Syntax

    <n n="DCOmitList">

    Contains a list of DCs to be excluded from being monitored.

    DC_name

    For example:

    <v v= "*ROOTDC1*"/>

    <n n="DCCompression

    ServiceUsage">

    Determines whether to enable network traffic compression for a Domain Controller or not.

    NOTE: If configured, overrides the Enable network traffic compression option in monitoring plan configuration.

    DC_name

    v="1"—enables the Netwrix Auditor Logon Activity Compression Service for the specified DC

    v="0"—disables Netwrix Auditor Logon Activity Compression Service for the specified DC

    For example:

    <a n="*ROOTDC1*" v="0"/>
    <n n="UserOmitList">
    <a n="Names">

    Contains a list of users to be excluded from being monitored. Allows specifying a user by name.

    User name

    For example:

    <v v="*NT AUTHORITY*"/>

    <a n="SIDs">

    Contains a list of users to be excluded from being monitored. Allows specifying a user by security identifier (SID).

    User SID

    For example:

    <v v="*S-1-5-21-1180699209-877415012-318292XXXX-XXX*"/>

    NOTE: The file must be formatted in accordance with XML standard. The following symbols must be replaced with corresponding XML entities: & (ampersand), " (double quotes), ' (single quotes), < (less than), and > (greater than) symbols.

    Symbol XML entity

    &

    e.g., Ally & Sons

    &amp;

    e.g., Ally &amp; Sons

    "

    e.g., Domain1\Users\"Stars"

    &quot;

    e.g., Domain1\Users\&quot;Stars&quot;

    '

    e.g., Domain1\Users\O'Hara

    &apos;

    e.g., Domain1\Users\O&apos;Hara

    <

    e.g., CompanyDC<100

    &lt;

    e.g., CompanyDC&lt;100

    >

    e.g., ID>500

    &gt;

    e.g., ID&gt;500

Go Up