Skip to main content

Output Types

Once a domain or a host/service is being monitored the event stream can be sent to multiple outputs. There are three types of outputs:

  • File – Creates an activity log as a TSV or JSON file for every day of activity

  • Syslog – Sends activity events to the configured SIEM server. For file servers, this option is also used to send activity events to Netwrix Threat Manager.

  • Netwrix Threat Manager – Sends Active Directory activity events to Netwrix Threat Manager

    note

    This output type is only available for Monitored Domains

See the Output for Monitored Domains topic and the Output for Monitored Hosts topic for information on adding an output.

Output configurations vary based on the type of domain/host selected.

For Active Directory Domains

Output Properties window has the following tabs:

For File System Hosts

Output Properties window has the following tabs:

For Linux Hosts

In addition to common File System tabs, Linux outputs have the following tabs:

For Exchange Online Hosts

Output Properties window has the following tabs:

For Microsoft Entra ID Hosts

Output Properties window has the following tabs:

For SharePoint Hosts

Output Properties window has the following tabs:

For SharePoint Online Hosts

Output Properties window has the following tabs:

For SQL Server Hosts

Output Properties window has the following tabs:

For Windows File Server Hosts

Output Properties window has the following tabs: