Event Analyst ships with many commonly-used reports - most designed specifically because of customer demand. If you face regulatory compliance or internal compliance standards, be sure to share this page with your compliance specialists. And, don't forget that if your specific report is not already provided, Event Analyst ships with a custom report designer.

If you do have a need for a report not currently shipping with Event Analyst, please email feedback {at} doriansoft.com and let us know about it.

In direct response to the requests of customers, Dorian Software has created condensed versions of these reports:

Logon Failures - Active Directory (Kerberos)
Logon Failures - Local Workstations and Servers
Successful Logons - Workstations and Servers

These condensed reports are useful to all organizations, but are especially useful to larger organizations with great volumes of auditing data. Since they present tallies of logon information by user, they reduce the size of the report, and compensate for excessive logon audits generated by malfunctioning service accounts and network utility software. In addition to the condensed versions of the reports, the detailed versions remain available to track all logon activity for certain users or all users.

Reports for tracking file and folder access and deletion "condense" successful and failed attempts by users to access objects, and an object deletion activity report that performs automatic event correlation.

Also among the available Event Analyst reports are these more recent additions:

Password Change Attempts By Users
Password Reset Attempts By Administrators or Account Operators
Successful Network Logons - Workstations and Servers (Condensed)
Successful Network Logons - Workstations and Servers (Detailed)
Computer Account Management
Tracks the addition, removal, and modification of computer accounts within your domain, and shows the user responsible for the action.
Unexpected Shutdown Tracker
Displays the reasons given by administrators and server operators for unexpected shutdowns on Windows 2003 servers.

For more on what reports are available with Event Analyst, request access to our online narrated demonstrations by emailing demos {at] doriansoft.com or download the free evaluation software from our Download Center at www.doriansoft.com/download.

Meanwhile, take a look at this partial listing with sample screen shots:

Directory Service Access Attempts - Successes
[Screenshot 1] [Screenshot 2]
This report tracks all successful Active Directory object access attempts. Access attempts are sorted by user and the type of object being accessed. Use this report to determine who is making changes to specific Active Directory objects.

Error and Warning Activity
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report displays all sources which have registered error or warning events inside the event log. Use the report to identify certain applications or system hardware which may not be functioning correctly.

Event Activity By Source Name
[Screenshot]
Use this report to see tallies of event types (e.g. warnings, information events) for all source names represented in the event log data you selected. This can be useful in pinpointing log sources which are raising abnormally large amounts of events, etc.

Failed Object Access Attempts
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report displays failed object access attempts, sorted by user and by the type of object being accessed. Furthermore, the report indicates whether or not an attempt to open the object was made locally, or over the network. Use this report to determine when users are attempting to access resources they do not have permission to use (open).

Filtered Event Frequency Within a 24-Hour Window
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report, given a filtered event log source, calculates the number of events found during each hour of a 24-hour daily window. Therefore, you can use this report to track how frequenly particular activities occur during different times of the day, such as logon attempts, etc.

Group Management
[Screenshot 1] [Screenshot 2] [Screenshot 3] [Screenshot 4]
The group management report tracks group creation, deletion, and general group modifications (other than membership changes). For convenience, group management actions are sorted by the administrator account modifying the group, the group account being modified, and the type of action performed. In addition, the report is also sorted by the scope of group affected (e.g. local, global, and universal).

Group Membership Activity
[Screenshot 1] [Screenshot 2] [Screenshot 3] [Screenshot 4] [Screenshot 5]
This report tracks changes to group membership over time. Use this report to quickly determine what groups have had their memberships modified, and the administrator account responsible for changing the membership.

Logging Verboseness by Source
[Screenshot 1] [Screenshot 2]
This report calculates the average number of events generated per hour by sources present in the event log. Use this information to determine which sources are responsible for the majority of event log entries. If configurable, you may want to reduce how verbose these applications or subsystems are in regards to event logging.

Logon Failures - Active Directory (Kerberos)
[Screenshot 1] [Screenshot 2] [Screenshot 3] [Screenshot 4]
This report tracks Kerberos logon failures of domain accounts that are recorded on Active Directory servers. Use the Logon Failures - Local Logons on Workstations and Servers report to track local logon failures that occur on individual workstations and servers.

Logon Failures - Local Logons on Workstations and Servers
[Screenshot 1] [Screenshot 2] [Screenshot 3] [Screenshot 4]
This report quickly summarizes all failed local logons (e.g. Interactive, Terminal Server, Service Account, IIS) in a given event log source. Use this report to determine unauthorized access attempts or other violations of logon policy. Failures are sorted both by the offending user account, and by the type of logon failure. To track account logon failures (e.g. Kerberos) on Windows 2000 and 2003 domain controllers, use the Logon Failures - Active Directory (Kerberos) report.

Object Access Attempts - Failures
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report displays failed object access attempts, sorted by user and by the type of object being accessed. Furthermore, the report indicates whether or not an attempt to open the object was made locally, or over the network. Use this report to determine when users are attempting to access resources they do not have permission to use (open).

Object Access Attempts - Successes
[Screenshot 1] [Screenshot 2]
This report displays successful object access attempts, sorted by user and by the type of object being accessed. Furthermore, the report indicates whether or not an attempt to open the object was made locally, or over the network. Use this report to determine who is making changes to files, folder, and registry entries.

Printer Activity
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report reviews all print job events in a system log source, and tallies print resources used by individual users, over all printers and on individual printers.

Process (Program) Usage
[Screenshot 1] [Screenshot 2] [Screenshot 3]
Use this report to determine how often users execute certain programs.

Shutdown and Restart Activity Tracker
[Screenshot 1] [Screenshot 2] [Screenshot 3]
Use this report to view shutdown and restart activity on Windows 2003
Servers and Windows XP Workstations with the Shutdown Tracker enabled.

Successful Logons - Workstations and Servers
[Screenshot 1] [Screenshot 2]
This report quickly summarizes all successful non-Kerberos logons on a workstation or server. Use this report to determine when users logon to local and network systems. Logons are sorted both by the user account name, as well as the computer where the logon occurred.

System Uptime Approximation
[Screenshot 1] [Screenshot 2]
This report is designed to display an uptime approximation for one or more computers, given a system event log source. Because event log activity is not constant, this report should be viewed as a useful approximation of server reliability, but not an absolute calculation of uptime percentages.

Top 10 Most Frequently Occurring Events
[Screenshot 1] [Screenshot 2] [Screenshot 1]
This report displays the top 10 most frequently occurring events from a given event log source, ordered from most frequent to least frequent with percentages. Use this report to identify trends like network utilization, hardware errors, or security problems. Although an example event is displayed for each of the most frequent entries, the actual description can vary due to different parameters.

User Account Lockouts
[Screenshot 1] [Screenshot 2] [Screenshot 3]
Use this report to track when user accounts are locked out due to logon failures and violations of logon policy. You can use this report to track local and domain user lockouts.

User Account Management
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report tracks all user account management activities, such as account creation, deletion, and modification. Furthermore, modified accounts are sorted by account name, the administrator account managing the user, and the type of management performed.

User Activity
[Screenshot]
This report reveals summary information regarding recorded user activity in an event log source. It displays the starting and ending dates of their activity, as well the types of events that are being recorded (e.g. failure audits), and how their auditable activities compare to their peers in frequency. This report may also prove useful in determining whether or not a user is attempting to gain unauthorized access to auditable resources, especially if they have recorded a high number of failure audits.

User Activity in Auditing Categories
[Screenshot]
This report quickly tallies of user activity in all auditing categories, so you can quickly see if there is atypical activity occurring on the network or on certain computers (e.g. many failed logons, etc).

User Sessions (Total Logon Times)
[Screenshot 1] [Screenshot 2] [Screenshot 3]
This report tracks interactive user and Terminal Services user logons and logoffs, determining the time of each user's session on the computer. NOTE: In certain circumstances, unclosed process handles can prevent corresponding logoff events from being generated in the Security log. Therefore, some session times may be approximated if a logoff event cannot be found.

 

Dorian Software Creations, Inc. Phone 678.222.3443 | Toll Free 1.866.682.3646 | Fax 413.647.8727 Email sales@doriansoft.com || Copyright 2001-2008 Dorian Software Creations, Inc. || || For questions and comments about this site, contact the  webmaster. ||

Copyright © 2000-2008 Dorian Software Creations, Inc. All rights reserved. Event Archiver, Event Analyst, Event Alarm, and Event Rover are trademarks or registered trademarks of Dorian Software Creations, Inc. Windows, Microsoft Windows, Microsoft Windows NT, Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows 2003, Windows Vista, Windows Server, Microsoft Access, Microsoft SQL, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. All other trademarks are the trademarks of their respective companies.