Getting Started
- System Requirements
- Installation
- Registration
- Version Support Policy
- Assign Service Logon As Credentials
Agent-Based Management
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Event Log Archiving for JSIG and CMMC Compliance
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Windows Management Instrumentation (WMI) Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
    - AI Anomaly Detection Report (Template Triggers)
- Security Reports
- Generic Log Reports
- SIEM Report
- SIEM Chart Report
- Azure Active Directory Audit Log Report
- Event Log Report
- SNMP Trap Report
- Syslog Report
- Databse Log Report
- Event Log Summary Report
File and Permission Reports
- File and Directory Access Permissions Report
- Duplicate Files Report
- File Activity Report
- Largest Files Report
- Sorted Files Report
Summary Reports
- Host Inventory Report
- Summary Report
- Collection Report
- Hash Check Reports
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
Account Lockout Monitoring and Reporting
Merging Logs
SNMP
- SNMP Browser
SSH Shell
Syslog
Exporting and Importing Configuration Objects
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Reports

A Report is a configurable object that enables users to receive summarized data on-demand or on a scheduled frequency. Reports typically output to an HTML file or email.

How it works:

Once a report has been created, computers, devices and/or hosts must be assigned. Once hosts are assigned, the Explorer View adds a Report Nodeunder the assigned host. Every minute at the top of the minute Server Manager checks to see if a report should be executed. If a report is scheduled to execute, Server Manager creates a new task then executes the report, fires Actions, saves the results to the history database and finally, calculates and saves the next execution time.

To create a report:

From the Menu Bar select File | New. The Create New Object View displays.
From the Create New Object View, expand Reports.
Navigate through the tree to find the type of report you would like to create then click the report type. The Properties View displays.

Note

Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license.

Configure the Report Properties.
When applicable, assign target hosts, host groups, and report groups.
When you have finished configuring the report, click the OK button to save.

To assign a report to computers, devices and hosts:

From the Explorer View, navigate to the report you want to assign a host.
Right-click and select Assign | Computer, Device or Host. The Select Multiple Computers, Devices and Hosts dialog displays.
Check the computers to assign then click OK.

Sample Reports

Server Manager includes sample Reports of which several are initially assigned to the localhost. The sample Reports can be modified and assigned to other computers as necessary. To view the sample Reports, from the Explorer View, expand the Reports node then select Sample Reports.

Available Reports

Type	Description
Generic Consolidated Log Reports
SIEM	Merges different log types into a single report and groups by user defined columns (e.g. Daily Windows and Linux User Logons).
SIEM Charts	Merges different log types into a single report and groups by user defined columns then displays a graphical analysis.
Event Log	Generic report that searches consolidated Event Log entries and Event Log file backups for specific events (e.g. Daily Application and System Errors).
Event Log Summary	Merges Event Logs into a single report then displays a count of the top entries with a short description next each entry.
Azure AD Audit Log	Generic report that searches consolidated Azure AD Audit Log entries for specific events (e.g. Daily O365 Logons).
SNMP Trap	Generic report that searches consolidated SNMP Traps for specific events (e.g. Daily VPN Connection Sessions).
Syslog	Generic report that searches consolidated Syslog entries for specific events (e.g. Daily Linux Logons).
Text Log	Generic report that searches consolidated Text, CSV and W3C log entries for specific events (e.g. Daily IIS 500 Errors).
Security Reports
Account Lockout (Active Directory/WMI)	Audit Report that scans Active Directory and stand-alone servers for currently locked out accounts (e.g. Daily Lockouts).
Account Lockout (Event Log)	Audit Report that that searches consolidated Event Log entries and Event Log file backups for account lockout history events (e.g. Weekly Lockouts).
Account Management	Audit Report that searches consolidated Event Log entries and Event Log file backups for Account Management Security Event Log Events (e.g. Daily Account Management Events).
Security Group Management	Audit Report that searches consolidated Event Log entries and Event Log file backups for Audit Security Group Management events (e.g. Daily Security Group Management Events).
New Accounts	Audit Report that searches consolidated Event Log entries and Event Log file backups for Event ID 4720: A user account was created (e.g. Daily New Account Events).
Failed Logons	Audit Report that searches consolidated Event Log entries and Event Log file backups for failed logon attempts (e.g. Daily Failed Logon Events).
Success Logons	Audit Report that searches consolidated Event Log entries and Event Log file backups for successful logons (e.g. Daily Successful Logon Events).
Logon Sessions	Audit Report that searches consolidated Event Log entries and Event Log file backups for logon sessions (e.g. Daily Logon Sessions).
Object Access	Audit Report that searches consolidated Event Log entries and Event Log file backups for Object Access events (e.g. Daily Object Access Events).
File and Directory Reports
File and Directory Access Permissions	Audit Report that scans a directory then lists detailed user account permissions (e.g. Recursive Directory Permissions).
Duplicate Files	Scans a directory then lists duplicated files (e.g. Duplicate File Content).
File Activity	Scans a directory then lists the most recently accessed files.
Largest Files	Scans a directory then lists the largest files.
Sorted Files	Scans a directory then lists files in a user defined order (e.g. Largest Files or Most Recently Accessed Files).
Summary Reports
Summary	Summarizes Host and Template status (e.g. Daily Systems Status).
Host Inventory	Summarizes Host hardware and operating system information (e.g. Weekly Hardware and OS Inventory).
Collection	Generates a collection of reports.