The Microsoft Active Directory Insight Pack lets customers ingest data from Microsoft Active Directory logs into IBM Operations Analytics – Log Analysis. They can then use a rich set of analytical dashboards to visualize metadata and derived metrics from log content, and run additional queries on the content.
The following dynamic dashboards are provided to help visualize the log data and are added to the Search Dashboards pane.
Microsoft Active Directory Event Level Dashboard
This dashboard displays event log-level distribution charts for the configured time period.
Microsoft Active Directory Events Dashboard
This dashboard displays distribution charts for the top 10 events (for severe log levels, such as critical, error, and warning) for the configured time period.
Note: The event logs are filtered to display events from the Windows event logs in the Microsoft Active Directory environment that are specific to the Microsoft Active Directory providers.
The Insight Pack includes support for ingesting and performing metadata searches against the following log files. A Windows server machine that is configured as a domain controller logs events in these event logs.
Directory Service event log
The Directory Service event log contains events that the Windows Active Directory service logs. For example, it contains events related to the connection problems between the server and the global catalog.
DFS Replication event log
The DFS Replication event log contains events that the Windows Distributed File System (DFS) Replication service logs. For example, it contains events related to the SYSVOL directory file replication failures and events that occur when domain controllers are updated with the information about system volume changes.
Active Directory Web Services event log
For Windows Server 2008 R2 onwards, the Active Directory Web Services event log contains events that the Windows Active Directory Web Services (ADWS) logs. For example, it contains events related to invalid directory instance access through ADWS.
DNS Server event log
Additionally, a Windows Server machine configured as a Domain Name System (DNS) server records events in this event log. The DNS Server event log contains events that the Windows DNS service logs.
Note: Event logs are processed using Windows OS Events Insight Pack. For more information, see Windows OS Events Insight Pack documentation.
Refer to the User Guide included in the Insight Pack for additional information on the Insight Packs and steps for installing and configuring.
Review the following video for information on using and setting up the Insight Pack.
IBM Operations Analytics-Log Analysis Insight Packs for Infrastructure-Premium Install License.
Cost: License Fee
- IBM Operations Analytics – Log Analysis version 1.3.0 or above
- Microsoft Active Directory 2008, 2012
- Windows OS Events Insight Pack v18.104.22.168 (for processing the event logs from Microsoft Active Directory environment).
- Purchased “IBM Operations Analytics-Log Analysis Insight Packs for Infrastructure-Premium 1.1” License for each installed Insight Pack.
This package is subject to the License terms included with the Insight Pack, along with those displayed upon download.
To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel; see the IBM Worldwide Directory. The “Support” link also gives access to the support site for IBM Operations Analytics – Log Analysis information.