Splunk search extended to Microsoft Active Directory
Splunk's new module helps with the task of monitoring large Active Directory deployments
IDG News Service - Through a new plug-in, Splunk has extended the capabilities of its namesake machine data search engine so it can mine operational information about Microsoft Active Directory deployments.
"There are a lot of challenges in managing an Active Directory infrastructure. We meet customers who have large Active Directory environments and they want to know what is happening before their users call in and complain they can't log in," said Manish Kalra, Splunk director of product marketing. "By getting all the log files and event logs from the Active Directory, we can see problems as they are happening."
With the Splunk App for Active Directory, administrators will be able to monitor Active directory operations, diagnose problems and anticipate upcoming issues. Splunk is demonstrating the application at Microsoft TechEd Europe 2012, being held this week in Amsterdam. It builds upon a similar tool the company released for Microsoft Exchange last year, Kalra said.
Run from Windows Server, Active Directory is Microsoft's user directory software, widely used in enterprises for user authentication as well as for configuration information about user computers.
The Splunk App for Active Directory offers a dashboard of common metrics to watch for in large Active Directory deployments. It can monitor operations at the forest level, site level, domain level or at individual domain controllers. The software can monitor for unusual activity, activity that could come from a security breach or some other form of non-compliant system usage. For instance, it can alert the administrator when there is an attempted log-in of a disabled account, or if two attempted log-ins from different geographic regions happen within a short period of time.
The software can also be used to audit changes made to group or user policies. Undocumented group policy changes are among "the biggest challenges we hear about" from large organizations, Kalra said. Changes in group policies can sometimes lead to unexpected issues. Usually an administrator won't hear about the trouble-causing change until a user complains. "We can tell you when a policy changed and who made the change," Kalra said.
- How Four Citrix Customers Solved the Enterprise Mobility Challenge Managing mobile devices, data and all types of apps-Windows, datacenter, web and native mobile- through a single solution.
- 8 Steps to Fill the Mobile Enterprise Application Gap Traveling executives and Millennials alike expect to communicate, collaborate and access their important work applications and data from anywhere on whatever device they...
- Seattle Children's Accelerates Citrix Login Times by 500% with Cross-Tier Insight Seattle Children's is a leading research hospital with a large and growing Citrix XenDesktop deployment. With ExtraHop, the IT team at Seattle Children's...
- McKesson Makes Application Hosting for Hospitals Faster, More Efficient With ExtraHop, McKesson identified the root cause of slow Citrix XenApp application launches and adopted a more intelligent, proactive IT operations model that...
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Applications White Papers | Webcasts