Where does Netwrix Auditor collect security logs?

Active Directory
6.5 and older

Where does Netwrix Auditor collect security logs? What are the Lightweight Agents designed for?

Security logs are automatically collected from all domain controllers. Lightweight Agents can also be enabled to improve and speed up this process in highly loaded networks. An agent is a lightweight executable that runs on a domain controller, collects data, pre-filters it, and then sends it to Netwrix Auditor in a highly compressed format.

To enable Agents, navigate to Netwrix Auditor -> <your_Managed_object> -> Active Directory and select the "Enable Lightweight Agents" option. By default, this option enables agents on all domain controllers. You can also enable agents during Managed Object creation.

The agent.ini file in the program installation folder provides more specific and granular control over agent behavior. Use this file to specify how each domain controller is processed, with the following options:

Remote: process a domain controller without an agent
Agent: process a domain controller with an agent
Skip: do not process a domain controller

For example, suppose you have 6 domain controllers: 5 of them are located in New York and 1 in Seattle. You do not need to use agents on the New York domain controllers, since they have fast network connections, while the one located in Seattle is slow due to its distance from the main office. You can enable Lightweight Agents in Netwrix Auditor, open agent.ini and specify the agent monitoring as follows: