9.1 Events

A Change Guardian event contains information such as the name of the event, who generated the event and where, the change that triggered the event, the before and after values, and the Change Guardian policy that triggered the event. You can generate an Event Summary report to view the event details.

9.1.1 Viewing Events

You can view events from the Events dashboard in the Change Guardian web console. The dashboard provides a high-level overview of the events collected by the Change Guardian server. You can use this dashboard to monitor the changes happening in the environment, analyze the events, and take preventive steps to protect your organization from malicious attempts.

The dashboard provides the following information:

  • Number of events generated for each asset or application

  • Number of events based on the severity

  • Option to filter events:

    • By managed or unmanaged events. An event is categorized as a managed event if it is triggered by an authorized user. An event triggered by any other user is considered unmanaged.

    • By users who generated the most events.

    • By assets from which the most events are generated.

    • By event categories.

    • By the policy type.

    • By time range of events.

NOTE: Change Guardian policies are refreshed based on the Polling Interval set in Agent Manager. If you modify a policy, the Events Dashboard displays the associated event only after the polling interval has passed.

9.1.2 Exporting Events Report

You can export the events report to a CSV file. To export the events report:

  • Log in to the web console and click Reports > Event Report > Events Summary.

  • Click the Export to File icon. The events report starts exporting.

NOTE: The forwarder event limit must be less than the number of events you selected and the maximum event limit is 200000.

9.1.3 Scheduling Events Report

You can schedule the events report to be sent to the specified email ID once, daily, weekly, or monthly. To schedule the events report:

NOTE: To schedule the events report, ensure that you have configured your email. For more information about email configuration, see Configuring Email Servers.

  • Log in to the web console and click Administration.

  • Click Reports and Searches and select the Change Guardian drop-down.

  • Click Change Guardian Events and select the Run icon.

  • In the Run the Report dialog box, set details such as Run frequency, Start Time, Name, Data Sources, Date Range, and E-mail to. The other details are set by default.

  • Click Run. The Events report has been scheduled.

  • You can view the scheduled reports under Change Guardian Events.

9.1.4 Generating Email Report in CSV

By default, Change Guardian generates reports in PDF format. You can also generate reports in CSV format by making additional configurations to the Change Guardian server.

To generate an email report in CSV format:

  1. Log in to the Change Guardian server as a Novell user.

  2. Change to the directory:

    /opt/arcsight/connectors/changeguardian/etc/opt/novell/sentinel/config

  3. Run the following command:

    cd /opt/arcsight/connectors/changeguardian/etc/opt/novell/sentinel/config/

  4. Open the obj-component.JasperReportingComponent.properties file for editing:

    vi obj-component.JasperReportingComponent.properties

  5. Edit the following entries:

    reporting.csv.enable=true

    reporting.csv.email=true

  6. Restart the Sentinel server with the command:

    rcsentinel restart

    The email report will contain both CSV and PDF outputs.
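
Steps 2 to 5 as an idempotent script, added here as an example and not part of the Change Guardian documentation: it backs up the properties file, sets both entries whether or not they are already present, and leaves the restart in step 6 to the operator. The path, file name and property names are the ones given in the steps; the function names and the `.bak` backup suffix are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Path, file name and property names are taken
# from the steps above; function names and the .bak suffix are assumptions.
CONF_DIR=/opt/arcsight/connectors/changeguardian/etc/opt/novell/sentinel/config
CONF_FILE="$CONF_DIR/obj-component.JasperReportingComponent.properties"

# set_prop FILE KEY VALUE
# Rewrites the active "KEY=..." line to KEY=VALUE, drops duplicate active
# lines for KEY, and appends KEY=VALUE if no active line exists.
# Commented-out lines are left untouched.
set_prop() {
    sp_file=$1; sp_key=$2; sp_value=$3
    sp_tmp=$(mktemp) || return 1
    awk -v k="$sp_key" -v v="$sp_value" '
        {
            eq = index($0, "=")
            name = (eq > 0) ? substr($0, 1, eq - 1) : ""
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == k) {
                if (!seen) print k "=" v
                seen = 1
                next
            }
            print
        }
        END { if (!seen) print k "=" v }
    ' "$sp_file" > "$sp_tmp" || { rm -f "$sp_tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$sp_tmp" > "$sp_file" && rm -f "$sp_tmp"
}

# enable_csv_reports FILE: back up FILE once, then apply both settings from step 5.
enable_csv_reports() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 1; }
    [ -f "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    set_prop "$1" reporting.csv.enable true &&
    set_prop "$1" reporting.csv.email true
}

# Run as: sh enable-csv.sh --apply   (then restart with: rcsentinel restart)
if [ "${1:-}" = "--apply" ]; then
    enable_csv_reports "$CONF_FILE"
fi
```

Running it a second time changes nothing, and the first-run backup is kept so the original settings can be restored.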