Skip to main content

Articles in this section

See more
Print

Forwarding collected change records to Windows event log

  • Updated

Forwarding collected change records to Windows event log

This article describes how to configure Cayosoft Guardian to forward all collected change records to the Windows event log.

How to enable the event generation

  1. Open Cayosoft Guardian web portal.
  2. Expand Settings node.
  3. Click Service Settings.
  4. Select Windows Event Log Settings.
  5. In Windows Event Log Settings, remove the Disable checkbox in Windows Event Log for Change Audit.
  6. Adjust Maximum log size (MB) if necessary.
  7. Click Save.

How to view events generated by Cayosoft Guardian

  1. Open Event Viewer application on a server where Cayosoft Guardian Service is installed

  2. Expand Application and Services Logs.

  3. Click Change Audit.

  4. Examine generated events:

    A 15000 event is generated for every change history record and contains JSON with change history record content. An example of such an event is below.

    Copy
    {
                        "accountExpires_removed": 9223372036854775807,
                        "auditCategories": ["Delete object"],
                        "auditDateTime": "2022-03-03T12:07:04+00:00",
                        "auditLogId": "9f54e06fea9aec11a94900155d019301",
                        "changeType": "deleted",
                        "checkPointId": "408c444eea9aec11a94900155d019301",
                        "correlationId": "77d2f2a9852c4fa08b4cd93d157058b8",
                        "countryCode_removed": 0,
                        "createdDateTime": "2022-03-03T12:07:04.4533333+00:00",
                        "deletedDateTime_added": "2022-03-03T12:07:04.4313215+00:00",
                        "distinguishedName": "CN=HTPC\0ADEL:7ca10d3a-8652-4239-baa6-2f581088c4e9,CN=Deleted Objects,DC=CORP,DC=cayodev11,DC=com",
                        "initiatorId": "S-1-5-21-1191309627-226541470-3376102353-500",
                        "initiatorName": "CORP\Administrator",
                        "isDeleted_added": true,
                        "isDeleted_removed": false,
                        "lastModifiedDateTime": "2022-03-03T12:07:04.4566667+00:00",
                        "managedSystemId": "42c3a7d7ee604056bec3ace5cb64e292",
                        "managedSystemName": "CORP.cayodev11.com",
                        "modifiedProperties": [
                        "accountExpires", "codePage", "countryCode", "deletedDateTime",
                        "distinguishedName", "isDeleted", "isRecycled", "localPolicyFlags"
                        ],
                        "objectType": "cayo.graph.historyRecord",
                        "objectId": "7ca10d3a86524239baa62f581088c4e9"
                    }

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.