
Virtual Directory Server 6.1 - Virtual Directory Server User Guide

Securing the Environment and Auditing Modifications with ChangeAuditor

Overview

ChangeAuditor for Windows File Servers (http://quest.com/products/changeauditor-for-windows-file-servers) tracks, audits, reports and alerts on vital changes, which makes it the ideal tool to monitor changes in VDS configurations. Its main benefit is monitoring the folder where the configurations are stored (confs), but it can also be configured for any other folder, such as extensions or include.

By using the registry option from ChangeAuditor you can also monitor changes in the registry entries used by VDS.

In principle, ChangeAuditor should not be used to monitor the logs folders inside the configurations. InTrust (http://quest.com/products/intrust) is a better choice for this task, as it is an event log management tool for security and compliance that enables you to securely collect, store, report and alert on event log data.

Setup

First steps

Some prerequisites are required:

  • 'ChangeAuditor for File Systems' installed on a machine that is a member of a domain (please refer to the ChangeAuditor documentation for installation).

  • 'ChangeAuditor Client' installed on the machine from which 'ChangeAuditor Coordinator' will be managed.

  • An instance (test_VDS) of VDS working on a machine in the same domain as ChangeAuditor.

Setting up ChangeAuditor - File System Template

Start 'ChangeAuditor Client' and go to the Administrator View (View -> Administration).

From this View you will need to follow these steps:

  • Choose the Auditing tab and select 'File System' under the Server option.

  • Click on 'Add...' to create a new template.

  • Set the name as 'VDS template'.

  • In 'Audit path' select your VDS configuration folder (test_VDS in this example) and add it to the template. (1)

  • As scope select 'This object and all child objects'.

  • Under the Inclusions tab, add the '*' filter (the most generic filter, as a starting point).

  • Under the Events tab, select 'All the file and folder events' (also as a starting point).

  • Then click on 'Finish the template'.

(1) The default path to the instance is:

  C:\Program Files (x86)\Dell\VDS\RX.Y.Z\confs\test_VDS

This is an initial setup of the monitoring tool; once it is working, you can change the way everything is monitored. The most typical changes would be:

  • Change the Inclusions tab filter from '*' to '*.ds | *.ldif', so that events are triggered only for the VDS configuration files (the most significant ones).

  • Under the Events tab, reduce the number of events to the ones that most require monitoring.

  • As an alternative to creating one template for each VDS configuration, the Audit Path can be extended to the whole confs path.

Setting up ChangeAuditor - Registry Template

Start 'ChangeAuditor Client' and navigate to the Administrator View (View -> Administration).

From this View you will need to complete the following steps:

  • Choose the Auditing tab and select 'Registry' under the Server option.

  • Click on 'Add...' to create a new template.

  • Set the name as 'VDS reg template'.

  • Select the VDS common Registry key in HKLM. (1)

  • As scope select 'This object and all child objects'.

  • Under the Events tab, select 'All the Key and Value events' to start with.

  • Then click on 'Finish the template'.

(1) Note that you will not be able to find this entry using the 'Browse' button unless the test_VDS instance is running (it is not present if stopped). The path is:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VDS RX.Y.Z [confs - test_VDS]
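
A pre-flight check that can be run on the VDS host before building or tuning the two templates, as an added example (not part of the vendor guide or of ChangeAuditor). It confirms that the registry key is present and lists the files the narrowed '*.ds | *.ldif' inclusion would cover, with hashes to compare against later events. It assumes PowerShell 4.0 or later; RX.Y.Z is the guide's version placeholder and the CSV location under %TEMP% is an arbitrary choice.

```powershell
# Added example, not vendor code. RX.Y.Z is the guide's version placeholder;
# replace it and the instance name with the values of your installation.
$Version  = 'RX.Y.Z'
$Instance = 'test_VDS'
$ConfPath = "C:\Program Files (x86)\Dell\VDS\$Version\confs\$Instance"
$RegPath  = "HKLM:\SYSTEM\CurrentControlSet\services\VDS $Version [confs - $Instance]"

# -LiteralPath is required: the key name contains [ ], which -Path would
# interpret as a wildcard character class instead of literal brackets.
if (Test-Path -LiteralPath $RegPath) {
    Write-Output "Registry key present: $RegPath"
} else {
    Write-Warning "Registry key not found; start the $Instance instance before browsing for it."
}

if (-not (Test-Path -LiteralPath $ConfPath)) {
    throw "Configuration folder not found: $ConfPath"
}

# Files the narrowed inclusion filter (*.ds | *.ldif) would cover,
# skipping anything below a 'logs' folder.
$baseline = Get-ChildItem -LiteralPath $ConfPath -Recurse -File |
    Where-Object { $_.Extension -in '.ds', '.ldif' } |
    Where-Object { $_.FullName -notmatch '\\logs\\' } |
    ForEach-Object {
        [pscustomobject]@{
            Path         = $_.FullName
            LastWriteUtc = $_.LastWriteTimeUtc
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

$baseline | Format-Table -AutoSize

# Keep the baseline outside the audited folder so saving it raises no events.
$baseline | Export-Csv -LiteralPath "$env:TEMP\vds-baseline.csv" -NoTypeInformation
```

If a file's hash differs on a later run and no matching ChangeAuditor event exists for it, the template scope or the agent assignment needs to be reviewed.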

Setting up ChangeAuditor - Agent Configuration

First, if not already done, install the Agent on the same machine where VDS is installed.

Start 'ChangeAuditor Client' and navigate to the Deployment View (View -> Deployment). From here you will need to select the server from the list (for example by changing the Server filter from 'Domain Controllers' to 'Member Servers' to find all servers belonging to the domain), and then click on Install or Upgrade. The process will automatically continue and will show you a message when it has completed.

Now that the Agent has been installed, the final step is to assign the previously created templates to this agent. To configure this in the 'ChangeAuditor Client', navigate to the 'Administration view' (View -> Administration) and follow these steps:

  • Choose the Configuration tab and select 'Configurations'.

  • Add a new one and set its name (e.g. VDS Configuration).

  • Assign the templates created in the previous steps to the configuration that has just been created (under 'Assigned' change the value from 'No' to 'Yes').

  • At this point leave everything else at the default settings (this can be changed once everything is working correctly).

  • Click on 'Apply' and then on 'OK'.

  • Navigate back to the Agents Configuration panel, select the Agent to be used for VDS monitoring, and click on 'Assign'.

  • Select the VDS configuration that has been created and click on 'OK'.

  • The configuration is now complete; it can be verified using the logs.

Reviewing VDS Monitored Entries in ChangeAuditor

In this phase you can configure which items to monitor. As a first step, use the most generic 'Search view' (show All events); there are multiple options for removing any entry that is not relevant. The steps for receiving these events are as follows: with ChangeAuditor started, click on 'Searches View' (View -> Searches), go to the ALL events searches and select 'Shared Search - All Events' inside the folder. Many events will be displayed (if not, please refer to the 'ChangeAuditor Troubleshooting Guide').

Once this stage is reached, events from both file and registry changes can be viewed, and a generic configuration can be tuned to one that is more appropriate.
