Using cmdlets to manage auditing
The Centrify Audit Module for PowerShell provides cmdlets that perform operations on objects that correspond to the core elements of Centrify data. The core elements of Centrify data for auditing are the following:
- Audited computers with the Centrify auditing services
- Collectors that transfer audited activity from audited computers to the active audit store database
- Active and attached audit store databases
- Management database
- Audit installation
- User sessions
- Audit trail events
- Audit roles
- Audit role assignments
You can use the cmdlets to create, access, modify, and remove information associated with these core elements of Centrify data for auditing. Most of the cmdlets perform one of the following basic operations:
- New-CdaXxx cmdlets create new Centrify objects, such as a new audit role or a new audit store database.
- Get-CdaXxx cmdlets get the properties of a specified object.
- Set-CdaXxx cmdlets set or change the properties of a specified object.
- Remove-CdaXxx cmdlets delete a specified object.
In addition to these basic operations, there are cmdlets for attaching or detaching an audit store database, exporting session activity to a file, and for publishing installation information to Active Directory.
For reference information describing the use and parameters for each cmdlet, you can use the get-help function within the PowerShell console. For example, if you want to see a description and syntax summary for the New-CdaAuditStore cmdlet, type the following command in the PowerShell console:
get-help New-CdaAuditStore
If you want to see more detailed information about a cmdlet’s parameters and code examples, you can use the -detailed or -full option. For example, type the following command in the PowerShell console:
get-help New-CdaAuditStore -detailed
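
The verb convention and get-help usage described above can be combined to inventory the audit cmdlets and separate the ones that only read data from the ones that change the audit configuration. This is an added example, not code from the Centrify documentation; it assumes the audit module is already imported into the session, and the Read/Change/Other labels are this example's own.

```powershell
# Added example: classify the Cda cmdlets visible in this session by verb.
# Assumption: the Centrify Audit Module has already been imported, so its
# cmdlets are discoverable; the module name itself is not given on this page.

$readVerbs   = @('Get')                    # return properties only
$changeVerbs = @('New', 'Set', 'Remove')   # create, modify, or delete objects

# -Noun accepts wildcards; every audit cmdlet noun starts with "Cda".
$commands = Get-Command -Noun 'Cda*' -ErrorAction SilentlyContinue
if (-not $commands) {
    Write-Warning 'No Cda cmdlets found. Import the audit module and retry.'
    return
}

$inventory = foreach ($cmd in $commands) {
    # Label each cmdlet; attach/detach, export, and publish land in "Other".
    if ($cmd.Verb -in $readVerbs)       { $category = 'Read' }
    elseif ($cmd.Verb -in $changeVerbs) { $category = 'Change' }
    else                                { $category = 'Other' }

    # Pull the one-line synopsis from the same help that get-help displays.
    $help = Get-Help -Name $cmd.Name -ErrorAction SilentlyContinue
    $synopsis = ("$($help.Synopsis)" -replace '\s+', ' ').Trim()

    [pscustomobject]@{
        Category = $category
        Verb     = $cmd.Verb
        Name     = $cmd.Name
        Synopsis = $synopsis
    }
}

# Full listing, then a count per category for a quick review.
$inventory | Sort-Object Category, Verb, Name | Format-Table -AutoSize -Wrap
$inventory | Group-Object Category | Select-Object Name, Count
```

The "Change" and "Other" groups are the cmdlets to review when deciding which administrators or scripts should be allowed to run the module against the audit installation.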