Current view: XpoLog V7 (Latest). Available: XpoLog V6 and XpoLog V5

Skip to end of metadata
Go to start of metadata

Background

The Microsoft Active Directory Directory Servers logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets to  visualize and address the system software, code written, and infrastructure during development, testing, and production. This logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with the several visualization and investigation dashboards.

Steps:

  1. The Microsoft Active Directory App is running on Application, Security and System standard event logs (*.evtx).
    When adding/editing the logs to XpoLog it is mandatory to apply the correct log type(s) to each of the logs:
    1. windows - all logs that the application will analyze must have windows as a log type
    2. activeDirectory - only the Application log must also be configured to have activeDirectory as a log type
    3. application - only the Security log must also be configured to have application as a log type
    4. security - only the System log must also be configured to have security as a log type
    5. system - only the System log must also be configured to have system as a log type

  2. Once the required information is set, on each log click next and edit the log pattern, this step is crucial to the accuracy and deployment of the Microsoft Active Directory App. Use the following patterns for each of the logs:
    1. Active Directory Application event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s+(\S+).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s+(\S+).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=user}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description}
    2. Active Directory Security event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s*([^\s-]+[^\r\n]*).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s*([^\sFailure]+[^\s-]+[^\r\n]*).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}{map:Event Description,ftype=event description;refIndex=6,file:knowledge/repository/system/win/map/winEventsMap.prop}{map:Category Description,ftype=category description;refIndex=6,file:knowledge/repository/system/win/map/winEventsCategoryMap.prop}{map:Sub Category,ftype=sub category;refIndex=6,file:knowledge/repository/system/win/map/winEventsSubCategoryMap.prop}*;*{text:User,ftype=user}{regexp:Logon ID,refName=description;ftype=logon id,Logon ID:\s*([^\s-]+[^\r\n]*).*}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description}
    3. Active Directory System event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s+(\S+).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s+(\S+).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=user}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description}

 

  • No labels