Define Parameters
The configuration wizard opens in the default web browser.
Click Proceed and complete the following fields:
Option | Description |
---|---|
Specify General Settings | |
Listed UDP port | Specify the UDP port to listen on for incoming events (514 by default). |
Auditor Endpoint | Auditor Server IP address and port number, followed by the endpoint for posting Activity Records. Assumes that the add-on runs on the computer hosting Auditor Server and uses the default port 9699. If you want to run the add-on on another machine, provide the name of the computer where Auditor Server resides (e.g., 172.28.6.15, EnterpriseNAServer, WKS.enterprise.local). To specify a non-default port, provide the server name followed by the port number (e.g., WKS.enterprise.local:9999). Do not modify the endpoint part (/netwrix/api). |
Certificate Thumbprint | Netwrix Auditor Certificate Thumbprint Property. Possible values: - Empty — Check the Auditor certificate via the Windows Certificate Store. - AB:BB:CC — Check the Auditor Server certificate thumbprint identifier. - NOCHECK — Do not check the Auditor certificate. Make sure to select this parameter if you plan to specify servers by their IP. |
Specify Active Directory credentials | |
Username | Provide the name of the account under which the service runs. Unless specified, the service runs under the account currently logged on. |
Password | Provide the password for the selected account. |
Auditor Monitoring Plan settings | |
Auditor Plan | Unless specified, data is written to the Netwrix_Auditor_API database and is not associated with a specific monitoring plan. Specify the name of the associated monitoring plan in Auditor. In this case, data will be written to the database linked to this plan. If you select a plan name in the add-on, make sure a dedicated plan is created in Auditor, and the Netwrix API data source is added to the plan and enabled for monitoring. Otherwise, the add-on will not be able to write data to the Audit Database. |
Auditor Plan Item | Unless specified, data is not associated with a specific plan and, thus, cannot be filtered by item name. Specify an item name. Make sure to create a dedicated item in Auditor in advance. |
Accept List | |
Address | Specify a list of IP addresses of syslog event sources. The service will collect and process events from these sources only. Events received from any other source will be ignored. |
Click Run to start collecting data with the Add-On.
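
To fill in the Certificate Thumbprint field with a value in the AB:BB:CC form, the following added example (not part of the original page and not Netwrix code) reads the certificate presented by the Auditor endpoint and prints its thumbprint with colon separators. The function names are hypothetical; it assumes the endpoint speaks TLS on the port from the table and that the thumbprint is the SHA-1 value Windows shows in the certificate's Thumbprint field.

```powershell
# Added example. Function names are hypothetical; assumptions are noted inline.

function Format-Thumbprint {
    param([Parameter(Mandatory)][string]$Hex)
    # Drop spaces, colons and other non-hex characters, then upper-case.
    $clean = ($Hex -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    # Assumption: SHA-1 thumbprint, i.e. 20 bytes = 40 hex digits.
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1), got $($clean.Length)."
    }
    # Re-join byte pairs with ':' to match the AB:BB:CC form in the table.
    (($clean -split '(..)') -ne '') -join ':'
}

function Get-AuditorThumbprint {
    param(
        [Parameter(Mandatory)][string]$Server,  # name or IP, as in "Auditor Endpoint"
        [int]$Port = 9699                       # default port per the table
    )
    $tls = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Accept whatever certificate is presented: the goal here is to read it,
        # not to trust it. Nothing is sent over the connection after the handshake.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $tls.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $tls.RemoteCertificate)
        [pscustomobject]@{
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Thumbprint = Format-Thumbprint $cert.Thumbprint
        }
    }
    finally {
        if ($tls) { $tls.Dispose() }
        $tcp.Close()
    }
}

# Sample server name taken from the table above; replace with your own.
Get-AuditorThumbprint -Server 'WKS.enterprise.local' | Format-List
```

Before entering the printed value in the wizard, compare it with the Thumbprint field shown for the same certificate on the Auditor Server itself, so that the pinned value comes from the server and not only from the network.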