Jump to content


Photo

Completed with error


  • Please log in to reply
1 reply to this topic

#1 solution

solution

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 06 May 2020 - 08:38 AM

I succesfully configured netwrix auditor for fileserver.
Joined with domain and set the auditor for domain users.
I read the documentation.


When I click run to launch the log it downloaded with these error:

5/6/2020 4:22:41 PM: WINSERVER: error while enumerating forest domains myfiles.com: Current security context is not associated with an Active Directory domain or forest.
5/6/2020 4:23:15 PM: fileserver: [WARNING] security log overwrites occurred on this computer since the last collection. Please increase the maximum size of the security event log. Last collected event: 05/06/2020 00:20:43 (GMT); first new event: 05/06/2020 06:53:09 (GMT); estimated loss: 7 hour(s). Cannot find last stored event.
Your current audit settings may prevent events from being reported. For details, please refer to the following document: http://www.netwrix.com/go/648297
List of file shares:
\\fileserver\Share\ (The "Name" setting value of "Auditing Entry for \\fileserver\Share\" is incorrect. Please change it to "Everyone".)
\\fileserver\Share\ (The "Name" setting value of "Auditing Entry for \\fileserver\Share\" is incorrect. Please change it to "Everyone".)
\\fileserver\Share\ (You have some necessary audit success flags not set: List Folder / Read Data, Create Files / Write Data, Create Folders / Append Data, Write Extended Attributes, Delete Subfolders and Files, Write Attributes, Delete, Change Permissions, Take Ownership)
\\fileserver\Share\ (You have some necessary audit failed flags not set: List Folder / Read Data, Create Files / Write Data, Create Folders / Append Data, Write Extended Attributes, Delete Subfolders and Files, Write Attributes, Delete, Change Permissions, Take Ownership)

What settings should I check?

 

thanks, regards

 



#2 Kirill K

Kirill K

    Advanced Member

  • Administrators
  • PipPipPip
  • 136 posts
  • Gender:Male

Posted 21 May 2020 - 04:22 PM

Hi there,

 

This may help you to fix the issues related to configure correct object-level auditing settings:

https://helpcenter.n...vel_Access.html

 

The issue with security log overwrites can be fixed after identifying what process or action is flooding security event log.

 

Regarding the error "error while enumerating forest domains myfiles.com", need to know more about end environment, is it real domain where Netwrix Auditor is installed? Netwrix Auditor host and the file server belong to different domains?


Best regards,
Forum Engineer
 





0 user(s) are reading this topic

0 members, guests, anonymous users