Skip to main content

Output Types

Once a domain or a host is being monitored the event stream can be sent to multiple outputs. There are three types of outputs:

  • File – Creates an activity log as a TSV or JSON file for every day of activity

  • Syslog – Sends activity events to the configured SIEM server For Monitored Hosts, this options is also used to send activity events to Netwrix Threat Manager, where supported

  • Netwrix Threat Manager (StealthDEFEND) – Sends activity events to Netwrix Threat Manager or receives Active Directory monitoring events from Netwrix Threat Prevention for integration with Netwrix Access Analyzer (formerly Enterprise Auditor)

    NOTE: This output is only available for Monitored Domains

See the Output for Monitored Domains topic and the Output for Monitored Hosts topic for information on adding an output.

Output configurations vary based on the type of domain/host selected.

For Active Directory Domains

Output Properties window has the following tabs:

For Dell Device Hosts

Output Properties window has the following tabs:

For Exchange Online Hosts

Output Properties window has the following tabs:

For Hitachi Hosts

Output Properties window has the following tabs:

For Linux Hosts

Output Properties window has the following tabs:

For Microsoft Entra ID Hosts

Output Properties window has the following tabs:

For Nasuni Hosts

Output Properties window has the following tabs:

For NetApp Hosts

Output Properties window has the following tabs:

For Nutanix Hosts

Output Properties window has the following tabs:

For Panzura Hosts

Output Properties window has the following tabs:

For Qumulo Hosts

Output Properties window has the following tabs:

For SharePoint Hosts

Output Properties window has the following tabs:

For SharePoint Online Hosts

Output Properties window has the following tabs:

For SQL Server Hosts

Output Properties window has the following tabs:

For Windows File Server Hosts

Output Properties window has the following tabs: