Event Log Cleared Status Test
Administrators rely on event logs to capture and troubleshoot errors and warning events that occur on an Active Directory server. This is why, if a user inadvertently or wilfully clears an event log, many critical problem conditions may go unnoticed! Under such circumstances, it is only natural that administrators want to find out who cleared the logs, so that that user can be pulled up for questioning. The Event Log Cleared Status test helps with this. This test promptly alerts administrators if an application, system, or event log gets cleared. The detailed diagnosis of the test also points administrators to the user who cleared the log, thus assisting investigation.
Target of the test : An Active Directory
Agent deploying the test : An internal agent
Outputs of the test : One set of results for every Active Directory site that is being monitored
Parameters | Description |
---|---|
Test period |
This indicates how often should the test be executed. |
Host |
The IP address of the machine where the Active Directory is installed. |
Port |
The port number through which the Active Directory communicates. The default port number is 389. |
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency. |
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Application/System event log cleared |
Indicates the number of times the application and/or system event log was cleared during the last measurement period. |
Number |
The detailed diagnosis of this measure reveals when and who cleared the application/system event log. |
Security event log cleared |
Indicates the number of times the security event log was cleared during the last measurement period. |
Number |
The detailed diagnosis of this measure reveals when and who cleared the security event log. |