Quest ChangeAuditor

agonist_inhaler
Explorer

Hi, I am wondering if anyone has already used Splunk for Quest ChangeAuditor. I know from searching through Google that this piece of software can monitor AD events, like logins, account lock-outs and so on; they even have Exchange and SQL support, but I really don't know how it logs all these events. I am hoping someone is familiar enough with this software and can give any idea of its own logging system and whether it's possible to Splunk it.

Appreciate any inputs.

PS. I know generally that Splunk can read any plain text file.

0 Karma

ageld
Path Finder

Has anyone successfully accomplished the integration between Quest (Dell) ChangeAuditor and Splunk? I would love to be able to send ChangeAuditor logs to Splunk.

Thank you!

0 Karma

tomcochran
New Member

Is there any follow-up info on how this could be done? I have been searching and it seems like there is little info, especially now that ChangeAuditor is Dell owned.

0 Karma

bpiirala
New Member

Quest ChangeAuditor is an awesome product. You can't get that level of AD auditing anywhere else, and the UI makes it ridiculously easy to search and find audit info after the fact. You definitely don't need any event logging tools for this, but yes you could also use Splunk to collect ChangeAuditor's events too. Although for AD auditing, the ChangeAuditor UI is what you'd want to use.

0 Karma