Alerts

 

ADAudit Plus facilitates an easy to understand alerting mechanism to alert on any configured change event. The alerts are based on the event data obtained from a configured Report Profile.

 

An Alert in ADAudit Plus

 

Alerts in ADAudit Plus enables real time monitoring of a change in the Active Directory. An alert will include the following information,

Source :

 

This is the Domain Controller from which Event Originated.

 

Domain :

 

This provides the Domain Information.

 

Severity :

 

Severity indicates the degree of importance associated with an event. ADAudit Plus provides 3 different alert notifications which include

The degree of importance or the Severity to be associated with an event is decided and configured by an administrator while configuring Alert Profiles.

 

Alert Message :

 

Details of the generated alert provided in a easy-to-understand format.  

 

Example: Login failure for User 'Administrator' in '192.168.117.56'. Reason: 'Bad password'

 

Time Generated:

 

This is the time when the Alert was generated.

 

Configure / Create Alert Profiles:

 

ADAudit Plus facilitates an administrator to create customized Alert Profiles by associating them to a Report Profile of choice. To configure / create  an alert profile click here.

 

Manage Alerts

 

ADAudit Plus allows an administrator to manage his alerts by clearing or deleting them with the Clear / Delete alerts options.

 

To Clear an Alert

  1. Click on the "Alerts" Tab (This displays alerts in the configured Domain Controllers )

  2. Select "Active Alerts" from the Drop down (This displays only the Active Alerts in the Configured Domain Controllers)

  3. Select the Alerts to be cleared by providing a check against the respective Alerts.

  4. Click on 'Clear' (This will clear the selected alerts)

Notes:

  1. Only real time alerts which are unattended/uncleared are visible under the "Active Alerts" Table.

  2. Once an alert is attended it can be cleared.

  3. Cleared alerts will be visible under the "All Alerts" Table.

 

 

To Delete an Alert

  1. Click on the "Alerts" Tab (This displays alerts under the configured the Domain Controllers )

  2. Select "Active Alerts" from the Drop down (This displays only the Active Alerts in the Configured Domain Controllers)

  3. Select the Alerts to be cleared by providing a check against the box provided against them.

  4. Click on 'Delete' (This will delete the selected alerts)

 

Notes:

  1. Clearing or Deleting of Alerts is possible for both  "Active Alert" or "All Alert" options selected from the drop down.

  2. An Alert once deleted will not be visible under any of the Alert Tables.

  3. Cleared alerts along with real time alerts will be visible under the "All Alerts" Table.

  4. "Report Profile Based Alerts" or "Alert Profile Based Alerts" can be viewed and managed by selecting respective Alert Tables.

 

 

Notify Alerts by Email

 

An important part of an alert is its ability to notify users. Alerts configured in ADAudit Plus can be notified to one or more recipients by email.

 

To configure an email alert from the "Alert" Tab

  1. Click on the "Email Notification" Link to the top right of the page.

  2. This will redirect to the "Configuration" Tab showing all "Available alert profiles".

  3. Click on the "Configure" link under the column "E-mail Notify".

  4. This will redirect to the page where you can "Modify Alert Profiles"

  5. Under "Modify Alert Profile" provide a check against "Send E-mail Notification".

  6. Enter the "Mail To" address in the check box provided. (For multiple recipients,separate email addresses with commas.)

  7. Click on "Update".

This will update the "Alert Profile" for the "Selected Report Profile". Any new alert will be notified by email to one or all email addresses entered here. This is also discussed under the Alert Profiles Configuration Section.

 

The "Mail To" Box will be open for entry only if a Mail Server is configured. To configure mail Server click on the "Configure Mail Server" Link.

Executing a customized response to a triggered alert

  1. Determine your response to a triggered alert, write a suitable script to generate the response.

    2. The supported scripts are powershell, vbscript, executables and batch.

    To be entered in the "Script Location" field according to the type of script-

    Executables and Batch Scripts -

    Format: filename [parameter1] [parameter 2] [parameter n]

    Example 1: C:\users\test.bat

    Example 2: C:\users\demo.bat %USERNAME%

    Example 3: C:\users\example.exe

    Powershell Scripts -

    Format: powershell.exe filename [parameter1] [parameter 2] [parameter n]

    Example 1: powershell.exe C:\Users\administrator\test.ps1 %PROCESS_NAME%

    VB Scripts -

    Format: wscript(or)cscript filename [parameter1] [parameter 2] [parameter n]

    Example 1: wscript C:\users\sample.vbs %CLIENT_HOST_NAME%

    Example 2: cscript C:\users\demo.vbs


    filename - location (full path) of the script.

    parameter - a parameter acts as input to the script and is customizable.

    Note- The use of parameters is optional

    Note- If the filename contains a space, enclose it within quotes(" ")

  2. List of all parameters which can be used: click here

Copyright © 2014, ZOHO Corp. All Rights Reserved.
ManageEngine