Monitoring SSL Certificates with Event Log Manager
Events related to SSL certificates
The following is a list of events that are related to SSL Certificates:
- 1001: Certificate Replaced
- 1002: Certificate Expired
- 1003: Certificate Expiration Approaching
- 1004: Certificate Deleted
- 1005: Certificate Archived
- 1006: Certificate Installed
To audit these events, create a new filter in Event Log Manager.
NOTE: First complete the fundamental configuration of Event Log Manager in Netwrix Auditor by following this guide: https://docs.netwrix.com/docs/auditor/10_8/tools/eventlogmanager
Failure to do so may result in a delay or absence of audit data.
Create a filter to audit SSL certificate events
- If this is your first Event Log Manager plan, enter notification recipients and target servers before continuing.
- Add a new filter.
- When an SSL certificate is added to a server, a new event log titled Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational is created. Enter this log name into the Event Log text field and set Write To to Both.
- Click the Event Fields tab and enter the event IDs you wish to audit. The provided example audits all SSL certificate events.
- Click OK until you are back to the Event Log Manager homepage and then click Save.
You will now receive reports for SSL certificate event data.
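To confirm on a target server that the log named above exists and holds the listed event IDs, a local check can be run in PowerShell. This is an added example, not part of the Netwrix documentation; the 30-day look-back window is an assumption.

```powershell
# Added example: local check of the certificate lifecycle log on one server.
$LogName = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'

# Event IDs and names exactly as listed on this page.
$CertEvents = @{
    1001 = 'Certificate Replaced'
    1002 = 'Certificate Expired'
    1003 = 'Certificate Expiration Approaching'
    1004 = 'Certificate Deleted'
    1005 = 'Certificate Archived'
    1006 = 'Certificate Installed'
}

$DaysBack = 30   # assumption: look-back window, adjust to your retention

# The page states the log is created once an SSL certificate is added,
# so a server without it has nothing for the filter to collect yet.
$log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Log '$LogName' not found on $env:COMPUTERNAME."
    return
}
if (-not $log.IsEnabled) {
    Write-Warning "Log '$LogName' exists but is disabled; no new events will be written."
}

$filter = @{
    LogName   = $LogName
    Id        = [int[]]@($CertEvents.Keys)
    StartTime = (Get-Date).AddDays(-$DaysBack)
}

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output "No certificate events (IDs 1001-1006) in the last $DaysBack days."
    return
}

# Per-event-ID counts, labelled with the names from the list above.
$events | Group-Object Id | Sort-Object Name | ForEach-Object {
    [pscustomobject]@{
        Id     = [int]$_.Name
        Event  = $CertEvents[[int]$_.Name]
        Count  = $_.Count
        Latest = ($_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    }
} | Format-Table -AutoSize
```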
Configure alerts for SSL certificate events
If you wish to receive alerts for this data, repeat the filter configuration steps using the Alert Filter Configuration:
- Open the Alert Filter Configuration and add a new alert filter as needed.
- Configure the alert filter similarly to the report filter, specifying the same event log and event IDs.
- Click OK until you are back to the Event Log Manager homepage and then click Save.
The configured Monitoring Plan will now yield reports and alerts for SSL auditing.