Event Log Management with Netwrix Auditor

Generic events consolidation, archiving, real-time alerting and reporting

Available Reports

Report Name Description
Best Practice Reports
Account Management
Administrative Password Resets Shows when account passwords were reset and who reset them.
Computer Account Changes Shows computer accounts changes.
Group Management Shows group changes.
Group Membership Management Shows group membership changes.
Password Changes by User Lists all password changes initiated by users. Password resets performed by administrators are not included in this report.
User Account Management Shows changes to users’ accounts.
Applications
Service Installation Attempts Shows service installation attempts.
Software Installation and Removal Shows events related to software installation and removal.
Software Installation Shows events related to software installation.
Software Removal Shows events related to software removal.
Auditing
Audit Log Cleared Shows audit trail cleanup operations.
Audit Policy Changes Shows changes to audit policy settings.
System Time Changes Shows changes to system time.
User Account Locks and Unlocks Shows user accounts lock and unlock events.
Computer Startups and Shutdowns
All Planned Shutdowns Shows planned shutdowns.
All Unexpected Shutdowns Shows unexpected shutdowns.
DHCP Events
All DHCP Server Errors Shows all DHCP service errors, filtered by date range, computer name and user name.
All DHCP Server Events Shows all DHCP service events, filtered by date range, computer and user name.
Logon Reporter
Failed Logon Attempts Shows failed authentication attempts in the Active Directory.
Remote Desktop Sessions Shows remote desktop sessions, initiated, terminated, and reconnected.
Successful User Logons with Time Range Shows user logons for a specified period of time.
Successful User Logons Shows user logons.
User Logoffs Shows user logoffs filtered by user name.
Service Control Manager
All Service Errors Shows all service errors, filtered by date range, computer and user name.
All Service Events Shows all service events, filtered by date range, computer and user name.
All Service Starts Shows all started services, filtered by date range, computer and user name.
All Service Stops Shows all stopped services, filtered by date range, computer and user name.
Syslog
Generic
All Generic Events Shows all syslog events of the Generic platform. The events are filtered by date range, computer and user name.
Red Hat Enterprise Linux 5
Multiple Session Authentication Failures Shows events generated after multiple failed attempts to open a session for Red Hat Enterprise Linux 5 in a row.
Session Authentication Failures Shows failed attempts to open a session for Red Hat Enterprise Linux 5.
Sessions Shows opening and closing of a session for Red Hat Enterprise Linux 5.
Ubuntu
Multiple Session Authentication Failures Shows events generated after multiple failed attempts to open a session for Ubuntu in a row.
Session Authentication Failures Shows failed attempts to open a session for Ubuntu.
Sessions Shows opening and closing of a session for Ubuntu.
General Reports
All Events by Computer (Chart) Displays a graphical representation of all events grouped by computer, filtered by date range and other parameters.
All Events by Computer Shows all events grouped by computer, filtered by date range and other parameters.
All Events by Date Shows all events grouped by date, filtered by date range and other parameters.
All Events by Source (Chart) Displays a graphical representation of all events grouped by source (e.g. 'Security', 'Application Management'), filtered by date range and other parameters.
All Events by Source Shows all events grouped by source (e.g. 'Security', 'Application Management'), filtered by date range and other parameters.
All Events by User (Chart) Displays a graphical representation of all events grouped by user, filtered by date range and other parameters.
All Events by User Shows all events grouped by user, filtered by date range and other parameters.
All Security Events by User Shows all security events.
All System Events by User Shows all system events.