Warning: "You have some necessary audit success/failed flags not set"

Email It to Me Print this Page
Symptoms The audit report from Netwrix Auditor for File Servers contains the following warning: "You have some necessary audit success/failed flags not set".

Alternatively, the opposite error can be received: " You have some unnecessary audit success/failed flags set'.
 
Cause This warning indicates that some audit settings on monitored shares are not set correctly. This means that auditing flags on a share do not correspond with Netwrix Auditor's settings.

There are 4 types of activities that can be monitored, and each one requires its own audit flags to be set.

Incorrect audit flags may result in missed audit events or flooding of the security log with unnecessary events.


 
Resolution To resolve the issue and get rid of the warning, you will need to configure auditing on shares properly.

Refer to the below images showing audit configuration options and the corresponding audit flags on a share.

Successful modifications - Successful flags for Create files / write data, Create folders / append data, Write attributes, Write extended attributes, Delete subfolders and files, Delete, Change permissions and Take ownership
 User-added image

Failed modification attempts - Failed flags for Create files / write data, Create folders / append data, Write attributes, Write extended attributes, Delete subfolders and files, Delete, Change permissions and Take ownership
User-added image

Successful reads - Successful flag for List folder / Read data
User-added image

Failed read attempts - Failed flag for List folder / Read data
User-added image

 


For detailed instructions, please refer to the Troubleshooting Guide.
 
Was this information helpful?