Objective    

To configure notifications in ADAudit Plus to receive alerts about the product’s performance, failures, and service status, including when event log collection stops.

 Prerequisites   

• You must have administrative access or delegate permission to configure notification in ADAudit Plus web console.

• You must configure mail server settings to enable email notifications.

 Steps to follow 

 Step 1: Enable notifications and configure mail settings 

1. Log in to the ADAudit Plus web console.
   

2. Navigate to the Admin tab > Administration > Notifications.

3. Enter a valid email ID to start receiving alerts.
   

NOTE: Configure the Mail Server Settings if you have not done so already under Admin > General Settings > Server Settings > Mail.

 Step 2: Configure Status Alerts
 

Enable this category to receive notifications about the status of critical background operations:

1. Event collection status: Domain-based notification providing insights into event collection for all configured computers, including status, fetch intervals, and fetch mode.

2. Current audit policy configuration: Domain-based notification summarizing the audit policies configured within the domain, detailing enabled settings for each policy.

3. Database and installation folder size: Notifies about disk space consumption of the ADAudit Plus installation directory, including the database, audit data, and alert data.

4. Outdated agent in use: Notifies when an agent version becomes outdated.

5. Audit data disk usage: Notifies about potential disk space that can be freed up by archiving audit data under each report category.

6. SIEM forwarding status: Notifies about the status of log forwarding.

7. File shares lacking required SACL settings: Lists shares without necessary SACL configurations for file auditing.

Note: Email notifications containing relevant information in the form of spreadsheets will be sent to the email ID specified.

8. All status alerts can be scheduled to run every 6, 12, or 24 hours.

 Step 3: Configure Failure Alerts
 

Enable this category to receive notifications about errors or failures that may disrupt ADAudit Plus functionality:

1. Event collection failure (threshold-based): Configurable alert that lets you set a failure threshold for event collection from specific data sources. You can define thresholds for domain controllers, Windows servers, file servers, workstations, workgroup servers, and Azure AD tenants. Once the threshold is breached, an email notification is triggered.

2. Event collection failure (time-based): Similar to threshold-based alert, notifies you if event collection fails for a specified number of hours.

3. EMC Isilon/Synology/QNAP data collection failure: Notifies you if syslog listening fails for a configured EMC Isilon/Synology/QNAP server, indicating a halt in data collection.

4. SIEM forwarding failure: Triggers an email notification when log forwarding to a SIEM system fails.

5. Service data collection failure: Alerts you to errors encountered while collecting service account auditing events via the scheduler.

6. Size of Raw/Processed event data exceeds: Configurable alert notifying you when the Raw or Processed folders exceed a defined storage threshold (in GB).

7. License expiry: Notifies when your license is set to expire within 20 days.

8. Free space in the drive goes below: Configurable alert notifying you when available disk space drops below a specified threshold (in MB).

9. DataEngine down: Configurable alert that lets you set a frequency (in hours) for receiving notifications when the DataEngine service is down.

10. Audit data scheduled for deletion: Notifies about audit data scheduled for deletion based on your archive settings.

11. Audit data deleted: Confirms when audit data has been deleted per your archive settings.

 Step 4: Configure Service Monitor
 

Enable this category to receive notifications when the ADAudit Plus service stops running:

1. Once enabled, a scheduled task called ADAuditServiceCheck is created on the machine where ADAudit Plus is installed.

2. This scheduled task runs hourly, monitoring the service and triggering an email alert if it stops.

NOTE: Use the Click Here to Regenerate button to delete the existing scheduled task and create a new one if needed.

 Validation and confirmation 

• Verify that you receive test emails from the configured mail server.
  
• Simulate an event collection failure or stop the ADAudit Plus service temporarily to confirm you receive failure and service alerts.

• Review the alerts section in ADAudit Plus to confirm alerts are being generated and sent as expected.
  

 Tips 

• Schedule status alerts to run every six or 12 hours for timely updates without overwhelming your inbox.
  
• Regularly review and update recipient email addresses to ensure alerts reach the right stakeholders.

• Periodically test failure alerts and service monitor notifications to verify proper configuration.
  

 Related topics and articles 

• How to configure SMPT Server in ADAudit Plus