Configure the audit collector service

By default, when you click Finish, the setup program opens the Collector Configuration Wizard. Alternatively, you can launch the configuration wizard at any time by clicking Configure in the Collector Control Panel.

To configure the collector service:

  1. On the first screen of the Collector Configuration Wizard, select the DirectAuditinstallation to assign this collector to.

    If the computer is also enrolled in the Centrify Cloud Platform and you have already enabled auditing in the Admin Portal, you can choose which kind of audit installation to assign the collector to:

    • Automatic: This option configures the collector to receive audit data from systems that are enrolled in the Centrify Cloud Platform and systems that are joined to Active Directory.

      You use the Admin Portal to configure which installation is used by these systems. The systems have either the Centrify Client for Linux or Centrify Client for Windows and the audit packages installed so that auditing is enabled. These systems do not have to be joined to Active Directory.

    • Manual: This option configures the collector to receive audit data from systems that are joined to Active Directory and have either the Centrify Agent for *NIX or Centrify Agent for Windows installed and the system is enabled for auditing. For this option, select the audit installation.

    Computers that are not enrolled in the Centrify Cloud Platform have a single list of audit installations to pick from.

    Click Next to continue.

    The configuration wizard verifies that the specified installation has an audit store that services the site that the collector is in and that the collector and its audit store database are compatible.

  2. Enter the port number(s) that the collector will use to communicate with the audited systems.

    • The default port is 5063 for systems that have either the Centrify Agent for *NIX or Centrify Agent for Windows installed.
    • If the computer is also enrolled in the Centrify Cloud Platform, the default port is 5064 for systems that have either the Centrify Client for Linux or Centrify Client for Windows installed.
    • If you set the installation to Manual in the previous step, Centrify Client System port is greyed out.

      For either port, if you specify a different port and have the default Windows firewall turned on, the wizard checks whether the port is open. If the port isn't open, the wizard offers to open it for you.

      If you are using another vendor’s firewall, open the port with the tools provided by that vendor. If there’s an upstream firewall—such as a dedicated firewall appliance—between the collector and the computers to be audited, contact the appropriate personnel to open the port on that firewall.

      Click Next to continue.

  3. If the computer where you’re configuring a collector belongs to multiple audit stores in the auditing installation, choose which audit store this collector will connect to, then click Next.

    For example, two audit stores can have an overlapping scope if one audit store scope is configured for Active Directory sites and another one is set by subnets.

  4. Select whether you want to use Windows authentication or SQL Server authentication when the collector authenticates to the audit store database, then click Next.

    In most cases, you should choose Windows authentication to add the computer account to the audit store database as a trusted, incoming user.

    If Microsoft SQL Server is in a different forest or in an untrusted forest, you should use SQL Server Management Studio to set up one or more SQL Server login accounts for the collector. After you create the SQL Server login account for the collector to use, you can select SQL Server authentication, then type the SQL Server login name and password in the wizard.

  5. Type the maximum number of connections for the Microsoft SQL Server connection pool, then click Next.

  6. Review the settings for the collector, then click Next.

  7. Click Finish to close the wizard and start the collector service.