Centrify® DirectAudit® 3.0.1 Release Notes

 

© 2006-2013 Centrify Corporation.

This software is protected by international copyright laws.

All Rights Reserved.

 

Table of Contents

1.  About this Release

2.  New Features

2.1 New Features in DirectAudit 3.0.1

2.2 New Features in DirectAudit 3.0.0

2.3 New Features in DirectAudit 2.0.2

2.4 New Features in DirectAudit 2.0.1

2.5 New Features in DirectAudit 2.0.0

2.6 New Features in DirectAudit 1.3.0

2.7 New Features in DirectAudit 1.1.2

2.8 New Features in DirectAudit 1.1.0

2.9 New Features in DirectAudit 1.0.3

2.10 New Features in DirectAudit 1.0.2

3. Bugs Fixed    

4. Known Issues  

4.1 Install / Uninstall

4.2 Collector

4.3 Audit Analyzer and Session Player

4.4 Audit Manager

4.5 UNIX Agents

4.6 General

5. Additional Information and Support

 

 

1.  About DirectAudit 3.0.1

Centrify DirectAudit helps you comply with regulatory requirements through detailed auditing and logging of user activity on your UNIX, Linux, and Windows systems. With DirectAudit you can also perform immediate, in-depth troubleshooting by replaying user activity that may have contributed to system failures, and spot suspicious activity through real-time monitoring of current user sessions. These release notes contain information that updates information available in the DirectAudit Administrator's Guide as well as known issues with this release.

Centrify DirectControl is a pre-requisite for Centrify DirectAudit. The minimum version of DirectControl required by this version of DirectAudit is 4.2.0.

2.  New Features

2.1  New Features in DirectAudit 3.0.1

·    None, this is a maintenance release.

2.2           New Features in DirectAudit 3.0.0

·    Agent support is added for the following new operating systems:

-          Centos 6.3 x86 and 6.3 x86_64 (32- and 64-bit)

-          Linux Mint 12 x86 and 12 x86_64

-          OpenSUSE Linux 12.1 x86 and 12.1 x86_64

-          Oracle Solaris 11 SPARC and 11 x86_64

-          RHEL AS/ES/WS 5.8 x86 and AS/ES/WS 5.8 x86_64

-          RHEL AS/ES/WS 6.3 x86 and AS/ES/WS 6.3 x86_64

-          Fedora 17 x86 and 17 x86_64

-          Scientific Linux 5.7 x86 and 5.7 x86_64

-          Scientific Linux 6.3 x86 and 6.3 x86_64

-          Ubuntu Linux Server 12.04 x86 and 12.04 x86_64

-          VMware vMA 4.0 x86_64 4.1 x86_64 5.0 x86_64

-          Windows 2012 Server (64-bit)

-          Windows 8 (32-bit and 64-bit)

·    Agent support is no longer available for the following old operating systems:

-          Fedora 9, 10, 11, 12, and 13

·    END OF LIFE - Support of Windows Vista will be discontinued after Centrify Suite 2013.

·    DirectAudit supports auditing of a greater number of UNIX, Linux and Windows operating systems than any other comparable auditing software.  Over 400 different server operating systems are supported.

·    See DirectAudit Supported Platforms for a complete list.

·    DirectAudit now includes the ability to capture detailed UNIX and Linux keystrokes.

·    Audit trail events have been integrated for monitoring with Centrify Insight.

·    Audit Event data is searchable, by any methods including Boolean and time-based searches. Searches can be focused on specific applications, commands and files.

·    Enhanced Agent resiliency prevents unplanned Agent disruption either accidental or intentional.

·    Data Management includes automatic rollover of a collection of databases along with the ability to eliminate unneeded session data.  Data elimination and manipulation is based upon privileges assigned through user roles and rights.

·    Data is collected using one of these versions of the Microsoft SQL Server including:

-          SQL Server 2005 (not supported on Windows 8 and Server 2012)

-          SQL Server 2008

-          SQL Server 2008 R2

-          SQL Server 2012

-          Express Standard and Enterprise editions as well as 32-bit and 64-bit mode will be supported.

·    Auditing features are integrated with Centrify DirectAuthorize on the Windows platform.

·    NSS/LAM support no longer requires symbolic links to the DA shell which were prone to being removed or upgraded instead of the actual files.

2.3           New Features in DirectAudit 2.0.2

·    Agent support is added for the following new operating systems:

-          Solaris 11 and Solaris 11 Express.

-          RHEL 6.1 (32- and 64-bit)

-          RHEL 6.2 (32- and 64-bit)

-          Centos 6.1 and 6.2

-          Scientific Linux 6.1 and 6.2

2.4  New Features in DirectAudit 2.0.1

·    Agent support is added for the following new operating systems:

-          Citrix XenServer 6.0

-          Fedora 16 (32- and 64-bit)

-          OpenSuSE 12.1 (32- and 64-bit)

-          Ubuntu 11.10 Desktop (32 and 64 bit)

-          Ubuntu 11.10 Server (32 and 64 bit)

2.5  New Features in DirectAudit 2.0.0

·    Support for auditing of Windows. See documentation for versions of Windows supported.

·    Support for multiple monitors.

·    Capture and replay sessions that occur on Windows systems with multiple active displays.

·    Audit Server - centrally control, monitor and report on audit stores, audit collectors and audited systems.

·    Distributed auditor queries Query and report on sessions across multiple audit stores from single audit server.

·    Support for subnets and Active Directory sites

·    Selective audit, only capture sessions for certain Active directory users or groups.

·    Audit stores - scale session databases to multiple instances on separate hosts

·    Auto discovery and configuration. DirectAudit system agents automatically find the correct Collector, Collectors automatically find the right audit store, and the audit server can report on all components.

·    Dynamic reconfiguration. Many changes to DirectAudit system agents, Collectors and audit stores can be applied without restarting the service or system.

·    Rolling backups Create new audit store databases for backup and archiving purposes. Support for multiple attached databases per audit store including DirectAudit 1.x databases.

·    Easily add new auditors.  Access control and auditor users' permissions are based on Active Directory group membership in DA 2.0.

·    Audit security roles. Session access control defined as a query of sessions, assigned to a role.

·    Brand new Replayer with support for both Windows and NIX sessions from a single Replayer.

·    Session scrubbing with preview.  Quickly and visually examine a lengthy session through a scrub bar with preview.

·    Session magnify and zoom.  Magnify the area under the cursor with the built-in magnifying glass and zoom the entire session playback for easier reading or a birds-eye view    (* zoom not in EA).

·    Replayer CLI - Allows you to specify particular sessions to replay via the command line (URL support under development).

·    Select / copy session data. Re-player supports the selection and copy to clipboard of visible *NIX re-player data.

·    Export session - Export sessions as movies (.wmv) or text (for *NIX).

·    Powerful new query search language, Granular queries across distributed sets of sessions.

·     Ad-hoc queries, Search for command, application or text across distributed sets of sessions.

·    Enhanced installer. Single install designed for fast installation of all components on a single system for pilots and demonstration systems.

·    Secure install - Ensure that only trusted components with trusted credentials are used with auto discovery and configuration.

·    Agent support is added for the following new operating systems:

-          CentOS 4.9, 5.6, 6.0 (32- and 64-bit)

-          Debian 6 (32- and 64-bit)

-          Fedora 15 (32- and 64-bit)

-          IBM AIX 7.1

-          Oracle Enterprise Linux 6 (32- and 64-bit)

-          Red Hat Enterprise Linux 5.7, 6.1 (32- and 64-bit)

-          Scientific Linux 4.9, 5.6, 6.1 (32- and 64-bit)

-          Ubuntu Server 11.04 (32- and 64-bit)

2.6 New Features in DirectAudit 1.3.0

·    New dash.loginrecord parameter in /etc/centrifyda/centrifyda.conf. When set to true, this parameter enables "who -m" and "who am I" to operate correctly. However, setting this parameter also has the side effect that a regular "who" to list all users logged into the system will list users twice. With this parameter set to false (the default behavior), "who" reports the user list correctly, but "who am I" doesn't work properly on an audited shell.

·    Auditing can be enabled for all shells during installation

·    From Centrify Suite 2011, install.sh will offer to start auditing for all-shells during installation. There is a corresponding parameter ("DA_ENABLE") in centrify-suite.cfg for use in unattended installation and a new option, --enable-da, for use on the install.sh command line.

·    Agent support has been added for the following operating systems:

-          CentOS 4.5, 4.6, 4.7. 4.8, 5.1, 5.2, 5.3, 5.4, 5.4, 5.5 (32- and 64-bit)

-          Fedora 14 (32- and 64-bit)

-          IBM AIX 7.1

-          OpenSuSE 11.3, 11.4 (32- and 64-bit)

-          Red Hat Enterprise Linux 4.9, 5.6 (32- and 64-bit)

-          Scientific Linux 4.6, 4.7, 4.8, 5.1, 5.2, 5.3, 5.4, 5.5, 6.0 (32- and 64-bit)

-          Ubuntu Server 10.04 LTS, 10.10 (32- and 64-bit)

-          VMware ESX 4.1

2.7 New Features in DirectAudit 1.1.2

·    New default port for the DirectAudit Collector service is 5063 as registered with the IANA.

·    Console support has been added for Windows 2008 and Windows 7.

·    Supports SQL Server 2008 databases.

·    Supports FIPS 140 license keys.

·    New dash.force.audit parameter allows auditing of non-terminal sessions. dash.force.audit is a list of  binaries that must be audited. Note that they are the .daudit names for example: dash.force.audit: /usr/share/centrifydc/bin/ssh.daudit New option '--force-da-global' added to install.sh so that the user can force DirectAudit to be installed   only in a Solaris global zone.

·    Agent support has been added for the following operating systems:

-          OpenSuSE 11.1 and 11.2 (32 and 64 bit)

-          RHEL 4.8 (32 and 64 bit)

-          RHEL 5.0, 5.1, 5.2, 5.3, 5.4 (32 and 64 bit)

-          Fedora Core 10, 11, 12 (32 and 64 bit)

-          Novell SLES 11 (32 and 64 bit)

-          VMWare ESX 4 / VIMA 4

-          Debian 5 (32 and 64 bit)

-          Ubuntu 9.10 (32 and 64 bit)

-          Ubuntu 9.04 (32 and 64 bit)

-          Ubuntu 8.10 (32 and 64 bit)

-          Ubuntu 8.04 (32 and 64 bit)

2.8 New Features in DirectAudit 1.1.0

·    Support for 1-way forest trust environments

·    Only login shells audited by default. Controllable via centrifyda.conf parameter

·    Agent support is added for the following operating systems:

-          Ubuntu 6.06 (32 and 64 bit)

-          Ubuntu 7.04 (32 and 64 bit)

-          Ubuntu 7.10 (32 and 64 bit)

2.9 New Features in DirectAudit 1.0.3

·    None, this is a maintenance release.

2.10 New Features in DirectAudit 1.0.2

·    The DirectAudit agents are now compatible with DirectControl version 4.0.0.

·    Agent support is added for the following operating systems:

-          Debian 4 (32 and 64 bit)

-          OpenSuSE 10.1 (64 bit)

-          OpenSuSE 10.2 (32 and 64 bit)

-          Fedora Core 5 (32 and 64 bit

3. Bugs Fixed

·    If both Audit and Access features are installed from Centrify Windows Agent, the log off menu cannot be shown on some machines.  This issue has been fixed in this release. (Ref: 34767)

4. Known Issues

The following sections describe known issues, suggestions, and limitations associated with DirectAudit.

4.1 Install / Uninstall

·    Invoking setup.exe with all DirectAudit component selections marked by default to be installed on a single audited host machine is known as the “Easy Install”.

·    If you were involved in the Centrify Suite 2013 Beta program, you cannot use your Beta databases with the final version of Centrify Suite 2013, you should delete them prior to the installation.

·    To use the “Easy Install” option; you must have Domain Administrator privileges. If you use individual .EXE or .MSI installers, they do not have this limitation.

·    In previous versions of DirectAudit, it was possible to specify the location of the database file. In DirectAudit 2.0.0 and later this capability is not provided in the Audit Store Database Wizard. However, you can still specify the full text-file location, database file location or the transaction log-file location by choosing "View SQL Scripts" and modifying the relevant database location manually in the script.

·    SQL Server 2005 Express - if you change the date and time format on the database machine to English (Singapore), some of the stored procedures respond with an error “Locale not supported” while other stored procedures continue to work fine. This problem does not occur on other SQL Server versions.

·    Installation of SQL Server Express can take a long time. When you are installing the Centrify Audit Analyzer or DirectManage Audit Manager software, some install options include the installation of Microsoft SQL Server Express. In some cases, installation of SQL Server Express can take 10-15 minutes, during which time there is no feedback on the screen. Do not terminate the installation at this lack of feedback is expected behavior.

·    If you uninstall the Audit Collector component on a computer that is not joined to the domain, you will see the following messages during an uninstall operation:

 

The specified domain either does not exist or could not be contacted.

(Exception from HRESULT: 0x8007054B)

 

Despite the alert message, the Audit Collector is successfully uninstalled when you click OK.

·    The Agent software fails to initialize on some systems. The problem may be the result of corrupted performance counters that cannot be deleted. When you use the System Monitor tool, some counters may be missing or may not contain counter data. The base set of performance counter libraries may become corrupted and may need to be rebuilt. Additionally, you may need to rebuild any custom application counters created by the .NET Framework or any extensible counters.

 

The workaround is to delete any corrupted counter manually using lodctr

 

lodctr /S:filename

lodctr /R:filename

 

·    If the default memory setting for SQL server is more than the actual memory in the system a memory error may occur. For more information see:

http://social.msdn.microsoft.com/Forums/en-US/sqldatabaseengine/thread/74a94f06-adf5-4059-bb92-57a99def37bd/

 

·    The standard "Files in use" check of the installer finds whether a reboot is required and shows this message:

 

The setup must update files or services that cannot be updated while the system is running. If you choose to continue, a reboot will be required to complete the setup

 

Since this check is always done before an upgrade, it detects when an existing service is running and prompts you to restart. When the upgrade proceeds, the existing service is stopped and its locks are removed thereby eliminating the need for a mandatory reboot. However, a reboot is recommended since it would ensure that all components are installed correctly.

 

·    During upgrade, the following message is displayed twice

 

The setup must update files or services that cannot be updated while the system is running. If you choose to continue, a reboot will be required to complete the setup

 

A reboot is required if a service is running during an upgrade and it has a lock preventing replacement of the binary files. If later on the installer finds that the service is no longer running, a reboot is not necessary. A reboot would ensure that all components are installed correctly.

 

·    DirectAudit agent 3.0 will require a 3.0 DirectAudit collector. The DirectAudit collector 3.0 will be backward compatible with previous versions of the DirectAudit agent. We recommend upgrading the DirectAudit collector before upgrading any agent

·    In a scenario where a DirectAudit 1.x database has been attached to a DirectAudit 2.x installation initially, and subsequently attached to a DirectAudit 3.x installation; or in an alternative scenario, the DirectAudit 2.x installation (already attached to a DirectAudit 1.x database) is upgraded directly to a DirectAudit 3.x installation, misleads the user into the belief that DirectAudit 1.x database has been upgraded. In actual fact, the DirectAudit 1.x database is never changed; DirectAudit 1.x console will continue to be compatible with a DirectAudit 3.x installation after the upgrade. If, however, a DirectAudit 1.x database that has never been attached to DirectAudit 2.x installation is attached initially to a DirectAudit 3.x installation, the operation will proceed as expected.

·    When upgrading from Suite 2013 beta software to Suite 2013 GA, in rare cases a user may notice that the DirectManage Audit Manager snap-in is not loaded and you see the message "MMC could not create the snap-in" error. If you see that message, either repair the existing installation or uninstall and install it one more time.

·    In the Installation properties, on the Audit Notification page, a .gif image is not supported.

·    After installing the DirectAudit software, Audit Trail data may not be found in the DirectAudit database. The problem occurs when DirectAuthorize is installed first, followed by an operating system restart and finally by a fresh installation of DirectAudit. In order to resolve this problem, restart the operating system again after the DirectAudit installation. This issue may also be seen when upgrading from the Beta release.

·    If you are upgrading from a beta release of the Centrify Suite 2013, there is no message that indicates the Centrify Windows Agent for Access was upgraded and a system reboot was required. The Centrify Windows Agent for Access remains under inactive status until a reboot is performed.

·    User must restart the system after uninstalling the Access component of Centrify Windows Agent. Failure to do so will result in error message such as "A local error has occurred" if user tries to access other Centrify components (e.g. Centrify DirectManage Audit Collector Control Panel or Centrify DirectManage Audit Manager) or if the user tries to install other Centrify DirectManage Audit or Access components.

·    This release of DirectAudit does not support Server Core 2008 and Server Core 2012.

4.2 Collector

·    In the Collector Configuration Wizard, if the account credentials you give for the SQL Server do not match an existing account on the SQL Server, and you have the rights to create SQL Server accounts, the given credentials will be used to automatically create a new SQL Server account.

4.3 Audit Analyzer and Session Player

·    If the active audit management database spans two databases, the Audit Analyzer will show UNIX sessions as "Disconnected" until some data is received from those sessions. Once data has been received, the session state will change to "In Progress".

·    If the session player window is blank when you are replaying a session, and you are using a 32-bit SQL Server instance, it is possible that the SQL server has run out of memory. Giving more memory to the SQL server by using the -g384 switch on the SQL Server should resolve the issue. To add more memory:

-          Open the SQL Server configuration manager

-          Stop the instance

-          Add the parameter "-g384"

-          Start the instance

-          Reopen the failing session on the session player and it should now play normally.

·    DirectAudit does not support the export of audited sessions as WMV files on Windows systems with dual monitors in extended mode.

·    During an audited session, if you change the system color from 8 bit to 32 bit, the captured session will not display properly until the next audited session is started.

·    Entering specific keywords in the “Application” Event list column, will not filter on the keywords as expected. Entering the search term "c" will locate the string "Windows Explorer". This is because application characteristics are stored in the database as a set of related attributes as follows: "Explorer.EXE | Microsoft® Windows® Operating System | Windows Explorer | Microsoft Corporation | 6.1.7600.16385" A match with any of the Windows Explorer attributes will yield “Windows Explorer".  This issue will be addressed in an upcoming release.

·    After upgrade from the Beta release to DirectAudit 3.0, open the Audit Analyzer to connect to the installation which was configured previously results in the message “Cannot find the predefined query: Sessions to be Deleted”. You should remove the Beta release and perform a fresh installation.

4.4 Audit Manager

·    If a local administrator configures an installation but does not have Active Directory administrative privileges, the Configuration Wizard displays an error message that the user does not have permission to create the publication location. This issue is caused by the scpcreator service, which is responsible for creating the publication location for a non-administration user, when the service does not start in timely fashion.  To work around this issue, increase the default service startup timeout value in the registry and restart the computer. Open the registry editor and navigate to

HKLM > SYSTEM > CurrentControlSet > Control

Add a new DWORD key with name ServicesPipeTimeout and set its value to a number higher than 30000 (30 sec). The recommended value is 120000 (decimal) or higher.

·    Permissions granted to a Domain Local group may not take effect because the resources may be in different domains.  Grant permissions instead to the Global group or Universal group in order to avoid the confusion.

·    The Audit Manager installed from the Beta release attempts to connect to a installation created via the released version prompts for the information "The Management Database is an earlier version....A database upgrade is available ….” This is due to compatibility issues between the beta and released version.

4.5 UNIX Agents

·    Only interactive sessions are audited by default, When a script is launched, DirectAudit interprets it as a new shell and creates a new empty session. To eliminate the creation of a large number of empty sessions, auditing is restricted to login shells ensuring DirectAudit does not create these new empty sessions. You can, however, configure DirectAudit to begin auditing whenever an audit-enabled shell is invoked from a terminal session, not just from a login shell. To configure DirectAudit to audit an audit-enabled shell:

1)  On the audited machine, open the DirectAudit configuration file /etc/centrifyda/centrifyda.conf with a text editor.

2)  Add the following lines to the file:  

# configure DirectAudit to audit anytime dash is run.

dash.allinvoked: true

Note: When not explicitly in the configuration file, dash.allinvoked is implicitly false by default. If you want to revert to auditing login shells only, you can simply delete dash.allinvoked: true from the configuration file.

·    Auditing init during startup on UNIX is not possible.  The init command used during the boot process may not be audited using per command auditing; attempting to do so will result in an operating system that does not reboot properly. The init command is properly audited when it is run from an audited shell.

·    In auditing with the --per-user shell option when enabling auditing of UNIX users, the following limitations apply:

-          Inability to login via telnet or other /bin/login related method. If this occurs, try moving the shell to a shorter path as it may be caused by the length of the pathname to the shell.

-          Indirect links are not enabled automatically.

-          Restricted shells like ksh will always run in “restricted" mode.

·    You cannot start a GUI session if you are logged in via an interactive session.  Running startx or starting a GUI session from an interactive session results in the following message:

X: user not authorized to run the X server, aborting.

Workaround:

-          Run "sudo dpkg-reconfigure x11-common"

-          When prompted for users allowed to start the X server, choose "anybody" (the default is "console users only").

 

The GUI session / X server should start normally.

·    If the host name of the collector is changed in /etc/resolv.conf, it will not pick up the new host name automatically. The dad program should be restarted for this to occur.

·    A local user cannot be audited when logging in via built-in ssh, due to a change in AIX 7.0 ML1. Customers are advised to install Centrify OpenSSH if auditing of ssh login by local users is required (REF: 33299).

·    For more information on known issues with individual UNIX platforms, see the release notes included with each platform agent bundle.

·    To audit the GUI terminal emulators, GUI login managers have to be fully reinitialized after auditing is enabled. On Linux, "init 3 && init 5" will start the reinitialization. (Killing the X server only, or pressing ctrl+alt+backspace in Gnome, will not do it.)

·    The dzinfo utility is run by a wrapper script. The actual executable of dzinfo is located in /usr/share/centrifydc/libexec/dzinfo.

To enable auditing on dzinfo, a user is required to audit /usr/share/centrifydc/libexec/dzinfo.

NOTE: /usr/bin/dzinfo and /usr/share/centrifydc/bin/dzinfo are symbolic links to the wrapper script /usr/share/centrifydc/bin/cdcexec. Ensure that the executable, and not a symbolic link or wrapper script is audited.

·    On Solaris, the following commands, located in /usr/bin, may be a ksh script:

    alias   bg      cd

    command fc      fg

    getopts hash    jobs

    kill    read    test

    type    ulimit  umask  

    unalias wait

To identify such commands, see this is a script that does the following:

    #!/bin/ksh -p

    cmd=`basename $0`

    $cmd "$@"

These commands are implemented internally by ksh, many as scripts, and should not be audited.

·    On a system using SMF (Service Management Facility), such as Solaris 10, the DirectAudit daemon may not start up after an upgrade from DirectAudit 1.x. This does not affect a fresh installation. To bring the daemon up, run these commands:

1)  svcadm disable centrifyda

2)  svcadm enable centrifyda

Run 'svcs' and find 'centrifyda' to confirm the daemon is online.

·    When a local user and an Active Directory user use the same UNIX user name, the user name will default to the name of the Active Directory user. If the local user name is intended, setting the pam.allow.override parameter in /etc/centrifydc/centrifydc.conf will help. After this setting, the user name implies the Active Directory user; and <username>@localhost will implies the local user.

DirectAudit 3.0 understands the "@localhost" syntax. DirectControl UNIX Agent will respond to <username>@localhost if the user name is set in pam.allow.override;

·    On Solaris some upgrades from DirectAudit 3.0 Beta to the DirectAudit 3.0 may fail. This problem occurs on Solaris machines with NSS2 support. DirectAudit can be reinstalled (upgraded from the Beta Release) manually using pkgadd. It is safe to ignore warnings and continue.

·    On most Solaris platforms when the Solaris global zone is detected the prompt reads, “Would you like to join the zone?”(Y). However, on the Solaris 11 platform, the the default query response has been inverted, “Would you like to join the zone?”(N).

·    Upgrading from DirectAudit 2.0.2 requires disabling DirectAudit so that the new DirectAudit mechanism for hooking shells can be installed. Please run 'dacontrol -d' to disable auditing, and then restart upgrading.

·    Some events related to the login script are not listed in the indexed events list. The Login script cannot be audited for an initial few seconds because the Agent software is still being set up.

·    If install/upgrade fails, do not repeat the failed steps leading up to the problem. You need to cleanup by uninstalling and re-installing.

·    Active Directory user fails to login a newly created WPAR on AIX.

·    In a newly created WPAR, the /var/krb5/security/creds/ directory does not exist.  DirectControl post-install script will create it with root permissions.  However, it does not change its permission to make it a world-writable directory.  You need to manually fix up the permissions (REF#: 39909).

 

4.6. General

·    You cannot configure DirectAudit using SQL Server 2008 using Easy Install on Windows 8 and Windows Server 2012. Please ensure that you are using the SQL Server version listed on http://www.centrify.com/support/download-sql-server.asp

·    An Administrative Template file (audittrail.adm) is available in the Audit Manager Installation folder that can be used for setting the Audit Trail targets.   Available targets are:  0 for none, 1 for Audit Store, 2 for Windows Application log, and 3 for both.

·    When the Centrify DirectAudit Management Server is configured, either the Windows authentication or the SQL server authentication information needs to be configured on the Configuration wizard Authentication Type page. If an account does not exist, please ensure that you create one. If this is not done, the error message, "failed to verify whether the Audit Management Server has permissions to access the Management database for the account...." is displayed. Once this has been done, ensure that for the Management database, the database role membership has the "user" privilege selected.

·    SQL Server 2005 full text search categorizes certain words as noise words by default and ignores them for searches. Some noise words are common UNIX commands such as like, which, do, and while. The full list is provided below.

Users can change the noise word list by modifying this file (for US English): C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\FTData\noiseENU.txt

      about, 1, after, 2, all, also, 3, an, 4, and, 5, another, 6,

      any, 7, are, 8, as, 9, at, 0, be, $, because, been, before,

      being, between, both, but, by, came, can, come, could, did,

      do, does, each, else, for, from, get, got, has, had, he,

      have, her, here, him, himself, his, how, if, in, into, is,

      it, its, just, like, make, many, me, might, more, most, much,

      must, my, never, no, now, of, on, only, or, other, our, out,

      over, re, said, same, see, should, since, so, some, still,

      such, take, than, that, the, their, them, then, there, these,

      they, this, those, through, to, too, under, up, use, very,

      want, was, way, we, well, were, what, when, where, which,

      while, who, will, with, would, you, your, A, B, C, D, E, F,

      G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z

For the most up-to-date list of known issues, refer to the Knowledge Base article in the Centrify Support Portal, for the latest known issues with DirectAudit 3.0.

5. Additional Information and Support

In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.

You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this version of Centrify DirectAudit, send email to Support or call 1-408-542-7500, option 2.

For information about purchasing or evaluating Centrify products, send email to info.