Using cmdlets to manage auditing

The Centrify Audit Module for PowerShell provides cmdlets that perform operations on objects that correspond to the core elements of Centrify data. The core elements of Centrify data for auditing are the following:

  • Audited computers with the Centrify auditing services
  • Collectors that transfer audited activity from audited computers to the active audit store database
  • Active and attached audit store databases
  • Management database
  • Audit installation
  • User sessions
  • Audit trail events
  • Audit roles
  • Audit role assignments

You can use the cmdlets to create, access, modify, and remove information associated with these core elements of Centrify data for auditing. Most of the cmdlets perform one of the following basic operations:

  • New-CdaXxx cmdlets create new Centrify objects, such as a new audit role or a new audit store database.
  • Get-CdaXxx cmdlets get the properties of a specified object.
  • Set-CdaXxx cmdlets set or change the properties of a specified object.
  • Remove-CdaXxx cmdlets delete a specified object.

In addition to these basic operations, there are cmdlets for attaching or detaching an audit store database, for exporting session activity to a file, and for publishing installation information to Active Directory.

For reference information describing the use and parameters of each cmdlet, you can use the Get-Help cmdlet in the PowerShell console. For example, to see a description and syntax summary for the New-CdaAuditStore cmdlet, type the following command in the PowerShell console:

get-help New-CdaAuditStore

If you want to see more detailed information about a cmdlet’s parameters and code examples, you can use the -Detailed or -Full parameter. For example, type the following command in the PowerShell console:

get-help New-CdaAuditStore -detailed
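
The naming convention and Get-Help usage described above can be combined to inventory the module in one pass. The following is an added example, not part of the Centrify documentation. It assumes the audit module is installed and its cmdlets are discoverable in the session; the function name Get-CdaCmdletInventory and the rule that every verb other than Get changes state are assumptions made for illustration.

```powershell
# Added example: inventory the Cda cmdlets available in this session.
# Assumption: the Centrify Audit Module for PowerShell is installed and its
# cmdlets are discoverable (imported, or on the module auto-loading path).

function Get-CdaCmdletInventory {
    [CmdletBinding()]
    param(
        # Verbs treated as read-only. Every other verb (New, Set, Remove, and
        # the attach/detach/export/publish cmdlets) is assumed to change state.
        [string[]]$ReadOnlyVerb = @('Get')
    )

    # -Noun accepts wildcards, so this matches every Verb-CdaXxx cmdlet.
    $cmdlets = Get-Command -Noun 'Cda*' -CommandType Cmdlet -ErrorAction SilentlyContinue
    if (-not $cmdlets) {
        Write-Warning 'No Cda cmdlets found. Import the audit module first.'
        return
    }

    foreach ($c in $cmdlets | Sort-Object Verb, Noun) {
        # Get-Help returns an object whose Synopsis property holds the
        # one-line description shown at the top of the help topic.
        $help = Get-Help -Name $c.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name         = $c.Name
            Verb         = $c.Verb
            ChangesState = $c.Verb -notin $ReadOnlyVerb
            Synopsis     = "$($help.Synopsis)".Trim()
        }
    }
}

# Count of cmdlets per verb, then the state-changing cmdlets with their synopses:
# the ones to read up on before running a script against an audit installation.
$inventory = Get-CdaCmdletInventory
$inventory | Group-Object Verb | Select-Object Name, Count | Format-Table -AutoSize
$inventory | Where-Object ChangesState | Format-Table Name, Synopsis -Wrap
```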