Review the following for additional information:
- Navigate to Start → Netwrix Auditor → Netwrix Auditor Event Log Manager.
On the main page, you will be prompted to select a monitoring plan. Click Add to add a new plan.
Configure basic parameters as follows:
- Enable event log collection—Select the checkbox to start monitoring event logs.
- Monitoring plan—Enter a name for a new list of monitored computers.
- Notification recipients—Specify one or more email addresses for users who will receive daily Event Log collection status notifications. Use semicolons to separate multiple addresses.
Monitored computers—Select items that you want to audit. You can add several items to your monitoring plan. Click Add and complete the following:
Computer name
Allows specifying a single computer by entering its FQDN, NetBIOS name, or IP address. You can click Browse to select a computer from the list of computers in your network.
Active Directory container
Allows specifying a whole AD container. Click Browse to select from the list of containers in your network. You can also:
Select a particular computer type to be monitored within the chosen AD container: Domain controllers, Servers (excluding domain controllers), or Workstations.
Click Exclude to specify domains, OUs, and containers you do not want to audit.
NOTE: The list of containers does not include child domains of trusted domains. Use other options (Computer name, IP address range, or Import computer names from a file) to specify the target computers.
IP address range / Computers within an IP range
Allows specifying an IP range for the audited computers.
To exclude computers from within the specified range, click Exclude. Enter the IP range you want to exclude, and click Add.
NOTE: You can specify multiple computer names by importing a list from a .txt file (one computer name/IP address per line is accepted). Click Import and select a .txt file. You can choose whether to import the list once, or to update it on every data collection.
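A pre-import check for the .txt list described above, as an added example that is not part of the Netwrix documentation or product. It flags malformed lines, duplicates, and IP addresses that fall inside an excluded range, so a typo does not silently leave a computer out of audit scope. The validation rules (DNS-style labels, 15-character NetBIOS limit), the function names, and the sample hosts and ranges are assumptions constructed for illustration; the product's own acceptance rules are not stated on this page.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify(entry):
    """Return 'ip', 'fqdn', 'netbios', or None for one import-file line."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.split(".")
    if len(entry) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return None
    if all(l.isdigit() for l in labels):
        return None                      # malformed IP such as 10.0.5.999
    if len(labels) > 1:
        return "fqdn"
    return "netbios" if len(entry) <= 15 else None  # NetBIOS limit: 15 chars

def in_range(ip, first, last):
    ip, lo, hi = (ipaddress.ip_address(x) for x in (ip, first, last))
    return ip.version == lo.version == hi.version and lo <= ip <= hi

def check_import(text, excluded=()):
    """Split an import list into accepted entries and (line, entry, reason)."""
    ok, problems, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        kind, key = classify(entry), entry.lower()
        if kind is None:
            problems.append((n, entry, "not a valid name or IP address"))
        elif key in seen:
            problems.append((n, entry, "duplicate"))
        elif kind == "ip" and any(in_range(entry, a, b) for a, b in excluded):
            problems.append((n, entry, "inside an excluded IP range"))
        else:
            ok.append((entry, kind))
        seen.add(key)
    return ok, problems

# Constructed sample file contents and a constructed excluded range.
SAMPLE = ("dc01.corp.example.com\nFILESRV02\n10.0.5.17\n10.0.5.200\n"
          "dc01.corp.example.com\nsrv01, srv02\n10.0.5.999\n")
EXCLUDED = [("10.0.5.100", "10.0.5.255")]
```

Calling `check_import(SAMPLE, EXCLUDED)` returns the accepted entries and a list of rejected lines with their line numbers and reasons.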
Navigate to the General tab and configure the following:
Enter the account that will be used by Netwrix Auditor Event Log Manager for data collection. For a full list of the rights and permissions required for the account, and instructions on how to configure them, refer to the Netwrix Auditor Installation and Configuration Guide.
Audit archiving filters
Define what events will be saved to the Long-Term Archive or the Audit Database. Refer to Configure Audit Archiving Filters for Event Log for detailed instructions on how to configure audit archiving filters.
Configure alerts that will be triggered by specific events. Refer to Create Alerts for Event Log for detailed instructions on how to configure Netwrix Auditor Event Log Manager alerts.
Navigate to the Notifications tab and complete the following fields:
Enter your SMTP server address. It can be your company's Exchange server or any public mail server (e.g., Gmail, Yahoo).
Specify your SMTP server port number.
Enter the address that will appear in the From field.
NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.
Select this checkbox if your mail server requires SMTP authentication.
Enter a user name for SMTP authentication.
Enter a password for SMTP authentication.
Use Secure Sockets Layer encrypted connection (SSL)
Select this checkbox if your SMTP server requires SSL to be enabled.
Use implicit SSL
Select this checkbox if the implicit SSL mode is used, which means that an SSL connection is established before any meaningful data is sent.
Navigate to the Audit Database tab to configure Audit Database and review SQL Server settings. Netwrix Auditor Event Log Manager synchronizes Audit Database and reports settings with the default Audit Database configuration from Netwrix Auditor Server. If this option is disabled, contact your Netwrix Auditor Global administrator and make sure that these settings are properly configured in Netwrix Auditor Server. Refer to Audit Database for detailed instructions on how to configure the Audit Database settings.
Complete the following fields:
Write data to Audit Database and enable reports
Select if you want to generate reports. If you do not select this checkbox now, you can still configure these settings later, but audit data that has already been collected will not be imported into the Audit Database.
Write event descriptions to Audit Database
Select if you want to see the exact error or warning text.
Store events for... days
Specify the Audit Database retention period.
NOTE: This setting affects all monitoring plans. The minimum value specified across the plans will be applied. Keep in mind that your data will be deleted automatically when its retention period is over.
NOTE: You cannot edit SQL Server settings for Netwrix Auditor Event Log Manager.
Navigate to the Advanced tab and configure the following:
Enable network traffic compression
If enabled, a Compression Service will be automatically launched on the audited computer, collecting and prefiltering data. This significantly improves data transfer and minimizes the impact on the target computer performance.
Specify notification delivery time
Modify the Event Log collection status email delivery schedule.
The Event Log Collection Status email shows whether data collection for your monitoring plan completed successfully or with warnings and errors.