How to exclude data from Windows Server Audit Reports

Windows Server
6.5 and older
https://kb.netwrix.com/813
Copy Article URL Copied

How to exclude data from Windows Server Audit reports or data collection?


There are special configuration files in the program installation folder, that allow exclusion of data from reports.
Select the required configuration file, edit it, save changes and close. Data will be excluded from further reports/data collection
  1. omitdblist.txt

This file contains a list of objects that will be omitted from SSRS-based Reports – changes to these objects will not be added to SQL database, but will be stored in audit archive and displayed in change summary reports.

Strings should be added in the following format:

Managed Object name,who changed,server name,object type,resource path,property name

Wildcards (*,?) are supported.

Example:
Add the following string to exclude from storing at SQL database all events related to HKLMSoftwareWow6432Netwrix node
*,*,*,Registry Key,Registry\HKEY_LOCAL_MACHINE\SOFTWARE\NETWRIX*,*

  1. omitreportist.txt

This file contains a list of objects that will be omitted from Change Summaries – data will not be displayed in change summary reports, but will be stored in the audit archive and added to the SQL database

Strings should be added in the following format:

Managed Object name,who changed,server name,object type,resource path,property name

Wildcards (*,?) are supported.

Example:
Add the following string to exclude from email reports all events related to HKLMSoftwareWow6432Netwrix node
*,*,*,Registry Key,Registry\HKEY_LOCAL_MACHINE\SOFTWARE\NETWRIX*,*

  1. omitstorelist.txt

This file contains a list of objects that will be omitted from data collection – changes of this type will not be collected at all.

Strings should be added in the following format:

Managed Object name,server name,class name,property name,property value

Wildcards (*,?) are supported.

Example:
Add the following string to exclude from collection all events related to HKLMSoftwareWow6432Netwrix node
*,*,StdServerRegProv,name,HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Netwrix

  1. omiterrors.txt
This file contains a list of errors/warnings that will be omitted from Change Summaries (email reports) or Session details.
Specify full error/warning text as it appears in a Change Summary email or Session details in the following format:
Managed Object Name,server name,error text

Wildcards (*,?) are supported.

Example:
Add the following string to hide all errors related to agent timeouts on all servers:
*,*,Agent operation failed due to the following error: The operation has timed out* 

More details and examples can be found in the files themselves.

Go Up