IDG News Service - Through a new plug-in, Splunk has extended the capabilities of its namesake machine data search engine so it can mine operational information about Microsoft Active Directory deployments.
"There are a lot of challenges in managing an Active Directory infrastructure. We meet customers who have large Active Directory environments and they want to know what is happening before their users call in and complain they can't log in," said Manish Kalra, Splunk director of product marketing. "By getting all the log files and event logs from the Active Directory, we can see problems as they are happening."
With the Splunk App for Active Directory, administrators will be able to monitor Active directory operations, diagnose problems and anticipate upcoming issues. Splunk is demonstrating the application at Microsoft TechEd Europe 2012, being held this week in Amsterdam. It builds upon a similar tool the company released for Microsoft Exchange last year, Kalra said.
Run from Windows Server, Active Directory is Microsoft's user directory software, widely used in enterprises for user authentication as well as for configuration information about user computers.
The Splunk App for Active Directory offers a dashboard of common metrics to watch for in large Active Directory deployments. It can monitor operations at the forest level, site level, domain level or at individual domain controllers. The software can monitor for unusual activity, activity that could come from a security breach or some other form of non-compliant system usage. For instance, it can alert the administrator when there is an attempted log-in of a disabled account, or if two attempted log-ins from different geographic regions happen within a short period of time.
The software can also be used to audit changes made to group or user policies. Undocumented group policy changes are among "the biggest challenges we hear about" from large organizations, Kalra said. Changes in group policies can sometimes lead to unexpected issues. Usually an administrator won't hear about the trouble-causing change until a user complains. "We can tell you when a policy changed and who made the change," Kalra said.
The Splunk App for Active Directory is free, on the Splunkbase repository of apps, and requires Splunk Enterprise version 4.3 to operate.
Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com
Free Insider Guide
Our weekly newsletter will cover a wide range of topics and trends related to consumerization. Stay up to date with news, reviews and in-depth coverage of BYOD, smartphones, tablets, MDM, cloud, social and how consumerization affects IT. Subscribe now!
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
