Exclude system user
, Oct 26 2017 12:17 PM
1 reply to this topic
26 October 2017 - 12:17 PM
In reports being sent overnight, a system account named 'system' keeps showing up, even if that user has been excluded from lists (omituserlist_fs, omitstoreuserlist_fs and omitreportlist). What would be the proper way to exclude that system account? I've attempted *,,system,*,*, in omitreportlist and simply system in others with no luck.
26 October 2017 - 04:02 PM
Please confirm the current build version of Netwrix Auditor (NA) running in the Environment.
Example: http://i.imgur.com/BTT1d8z.png or https://i.imgur.com/TEhyY3m.png
"System" is not an account this a notification that changes are not correctly being recorded into the Security logon of the File Server being audited.
KB1990 This article provides instructions how to avoid the "system" value in your audit data.
Will need to confirm that the correct settings have been configured via the following based on the OS of the File Server.
Configure Windows File Servers for Monitoring
Configure EMC VNX/VNXe for Monitoring
Configure EMC Isilon for Monitoring https://helpcenter.n...astructure.html
Configure NetApp Filer for Monitoring https://helpcenter.n...ure_NetApp.html
If you look at the Netwrix System Health Event Log
http://i.imgur.com/yjv8hkA.png this will help with Identifying the missing permission(s)