Define Parameters
The configuration wizard opens in the default web browser:
Click Proceed and complete the following fields:
| Option | Description |
|---|---|
| Specify General Settings | |
| Listed UDP port | Specify UDP port for listening incoming events. (514 by default). |
| Netwrix Auditor Endpoint | Netwrix Auditor Server IP address and port number followed by endpoint for posting Activity Records. Assumes that the add-on runs on the computer hosting Netwrix Auditor Server and uses default port 9699. To specify a non-default port, provide a server name followed by the port number (e.g., WKS.ent erprise.local:9999). Do not modify the endpoint part (/netwrix/api ) |
| Certificate Thumbprint | Possible values: - Empty— Check Auditor certificate via Windows Certificate Store. - AB:BB:CC— Check Auditor Server certificate thumbprint identifier. - NOCHECK— Do not check Auditor certificate. Make sure to select this parameter if you plan to specify servers by their IP. |
| Specify Active Directory credentials | |
| Username | Specify the account under which the service will authenticate to the Netwrix_Auditor_API. |
| Password | Provide the password for the selected account. |
| Monitoring Plan settings | |
| Monitoring Plan | Unless specified, data is written to Netwrix_Auditor_API database and is not associated with a specific monitoring plan. Specify a name of associated monitoring plan in Auditor. In this case, data will be written to a database linked to this plan. If you select a plan name in the add- on, make sure a dedicated plan is created, the Netwrix API data source is added to the plan and enabled for monitoring. Otherwise, the add- on will not be able to write data to the Audit Database. |
| Monitoring Plan Item | Unless specified, data is not associated with a specific plan and, thus, cannot be filtered by item name. Specify an item name. Make sure to create a dedicated item inAuditor in advance. |
| Accept List | |
| Address | Specify a list of IP addresses of syslog events sources. The service will collect and process events from these sources only. Events collected from any other source will be ignored. |
Click Run to start collecting data with the Add-On.