Audit and Control Management Server 2013 - Application Services Parameters
Microsoft Audit and Control Management (ACM) Server 2013 application services perform critical tasks in the operation of the system. The following section provides a description of the services and details on how to manage the services.
NOTE: When any administrative settings are changed in the ACM administration website, the services on the Application Server may need to be restarted for the changes to take effect.
WatchdogProcess.exe
This service runs as a parent process to the AccessProcessor.exe or the SpreadsheetProcessor.exe to provide automated fault handling and monitoring for its child process. It can be configured with the following parameters via ACM Service Manager or command-line:
NOTE: The separator between the parameter name and the parameter value for the WatchdogProcess is a vertical bar, unlike all the other services, which use a colon as a separator. If you use the incorrect separator, you may get unexpected results.
Parameter |
Options |
Description |
/exe| |
(path and filename) |
Specify the full path of the EXE to act as a watchdog for. |
/args| |
(arguments) |
Specifies the arguments that are passed to the specified executable. See information regarding the AccessProcessor and SpreadsheetProcessor for available arguments (parameters). |
/debuglevel| |
None|errors|verbose |
Specifies the level for debuging. If this is 'errors' or 'verbose', the output will be in the {processing}\LogFiles folder.
none - no debug log will be used. errors - the debug log will only be used to record errors. verbose - the debug log will contain error and diagnostic information. |
/substServer| |
(ServerName) |
Used to specify the server name for processing. By default, the NETBIOS name of the server is used. This value must match one of the server names listed on the “Servers” tab within the Account Administration page. |
/? |
|
Displays the usage information for this application. |
/help |
|
Displays the usage information for this application. |
Below is an example of the parameters that can be used with the WatchdogProcess.exe:
WatchdogProcess.exe /exe|" C:\Program Files (x86)\Microsoft Office\Office15\ACM\bin\SpreadsheetProcessor.exe" /args|"/statuswindow:0 /exitaftercount:100 /debuglevel:errors /substServer:APP01 /proctimeoutmins:20” /debuglevel|errors /substServer|APP01
AccessProcessor.exe
This service processes Microsoft Access database files in order to create the audit trail records for those file types and upload the audit trail data to the ACM database. It can be configured with the following parameters via ACM Service Manager or command-line:
NOTE: This service should be run as a child process of the WatchdogProcess.exe (described earlier) to take advantage of better fault tolerance and reliability.
Parameter |
Options |
Description |
/debuglevel: |
None|errors|verbose |
Specifies the level for debuging. If this is 'errors' or 'verbose', the output will be in the {processing}\LogFiles folder.
none - no debug log will be used. errors - the debug log will only be used to record errors. verbose - the debug log will contain error and diagnostic information. |
/statuswindow: |
1|0|true|false|yes|no |
Set to TRUE to show the status window |
/proctimeoutmins: |
(number) Default is 120 |
When this service is running as a child process of the WatchdogProcess.exe, the “proctimeoutmins” is the maximum amount of time that the AccessProcessor service will spend trying to process a file before it stops processing and generates a timeout error. This is useful to prevent the processing queue from getting stuck on a file that takes a long time to process. |
/substServer: |
(ServerName) |
Used to specify the server name for processing. By default, the NETBIOS name of the server is used. This value must match one of the server names listed on the “Servers” tab within the Account Administration page. |
/? |
|
Displays the usage information for this application. |
/help |
|
Displays the usage information for this application. |
By default, when no parameters are passed, the following settings will be applied:
AccessProcessor.exe /statuswindow:true /debuglevel:errors /proctimeoutmins:120 /substServer:(machine name)
NTFSEventProcessor.exe
This service monitors the specified NTFS file shares for documents to be audited. This service provides the files to either the “SpreadsheetProcessor.exe” or “AccessProcessor.exe” service in order to create and maintain the audit trail for the specified files/folders. It can be configured with the following parameters via ACM Service Manager or command-line:
Parameter |
Options |
Description |
/debuglevel: |
None|errors|verbose |
Default is ‘errors’ Specifies the level for debuging. If this is 'errors' or 'verbose', the output will be in the {processing}\LogFiles folder. none - no debug log will be used. errors - the debug log will only be used to record errors. verbose - the debug log will contain error and diagnostic information. |
/statuswindow: |
1|0|true|false|yes|no |
Default is true Set to TRUE to show the status window |
/substServer: |
<ServerName> |
Default is the machine name of the current computer. Used to specify the server name for processing. By default, the NETBIOS name of the server is used. This value must match one of the server names listed on the “Servers” tab within the Account Administration page. Use with caution. Only one running NTFS Event Processor configured with the same “substserver” value should be running against a single database server. Having multiple running at a time may result in duplication of data. |
/maxmonitoredfolders |
<number> |
Default is 40 Maximum number of individual folders to monitor, without consolidation. If the number of folders exceeds this number, then they will be consolidated to fewer folders. This parameter is not used if the monitortype is ‘dbqueue’. |
/fullScan: |
1|0|true|false|yes|no |
Default is ‘false’ If set to TRUE, a full scan of every monitored folder will be performed on startup. |
/rescantype |
Daily Hourly Continuously
|
Default : Daily Specifies the period at which the automatic rescan of monitored folders takes place. Daily – takes place daily between midnight and 1:00 am. Hourly – takes place hourly Continuously – takes place continuously |
/OptimizedRescan |
1|0|true|false|yes|no |
Default is False. Set to True to optimize rescan process by checking the modification dates on folders before rescanning files. If TRUE, then the rescan process will be optimized by checking the folder modification dates to determine folders that have changed and need to be rescanned. This results in a very optimized rescan, because only folders with changed files need to be rescanned. Microsoft Windows will update the last modified date on the folder whenever a file is saved into a folder. However, it does not update the last modified date on a folder when a file is dragged and dropped into a folder. So, if set to FALSE, then all file changes (saved files, and copied/moved files) will be detected. However, if set to TRUE, then only saved files will be reliably rescanned. The recommended setting is FALSE, so that all file changes are detected. However, on a very slow network, you can set to TRUE, and the rescan will be fast – but files that are copied/moved will not be audited until the next time they are saved. |
/? |
|
Displays the usage information for this application. |
/help |
|
Displays the usage information for this application. |
By default, when no parameters are passed, the following settings will be applied:
NTFSEventProcessor.exe /statuswindow:true /debuglevel:errors /maxMonitoredFolders:40 /fullscan:false /substServer:(machine name)
SpreadsheetProcessor.exe
This service processes Microsoft Excel files in order to create the audit trail records for those file types and upload the audit trail data to the ACM database. It can be configured with the following parameters via ACM Service Manager or command-line:
NOTE: This service should be run as a child process of the WatchdogProcess.exe (described earlier) to take advantage of better fault tolerance and reliability.
Parameter |
Options |
Description |
/debuglevel: |
None|errors|verbose |
Specifies the level for debuging. If this is 'errors' or 'verbose', the output will be in the {processing}\LogFiles folder.
none - no debug log will be used. errors - the debug log will only be used to record errors. verbose - the debug log will contain error and diagnostic information. |
/exitAfterCount: |
(number) |
Setting this option will cause the processor to exit after the specified numbers of files have been processed. |
/exitaftertime: |
(hh:mm) |
Setting this option will cause the processor to exit after the specified time has elapsed. The time value is specified in hours and minutes. |
/proctimeoutmins: |
(number) Default is 120 |
When this service is running as a child process of the WatchdogProcess.exe, the “proctimeoutmins” is the maximum amount of time that the SpreadsheetProcessor service will spend trying to process a file before it stops processing and generates a timeout error. This is useful to prevent the processing queue from getting stuck on a file that takes a long time to process. |
/statuswindow: |
1|0|true|false|yes|no |
Set to TRUE to show the status window |
/substServer: |
(ServerName) |
Used to specify the server name for processing. By default, the NETBIOS name of the server is used. This value must match one of the server names listed on the “Servers” tab within the Account Administration page. |
/? |
|
Displays the usage information for this application. |
/help |
|
Displays the usage information for this application. |
By default, when no parameters are passed, the following settings will be applied:
SpreadsheetProcessor.exe /statuswindow:true /proctimeoutmins:120 /substServer:(machine name)
SharePointFileProcessor.exe
This service queries all SharePoint repositories currently configured to be controlled by ACM to ensure that all files and all versions of files have been audited. Optional parameters can perform a full rekey of a file or files, so that audit trails are rebuilt based on the active policy. The SharePointFileProcessor requires that the account running it has at least “read-only” permission to the SharePoint site and document library which contains the files to be processed. It can be configured with the following parameters via ACM Service Manager or command-line:
Parameter |
Options |
Description |
/debuglevel: |
None|errors|verbose |
Specifies the level for debuging. If this is 'errors' or 'verbose', the output will be in the {processing}\LogFiles folder.
|
/restriction: |
(wildcard path in quotes) |
Used to restrict the files that will be processed to those whose filepath and filename match the wildcard specification. This specification must be enclosed in quotes. |
/scantime: |
(hh:mm) |
If scantype is 'once' or 'recurring', this sets the time that scan will take place. This is based on a 24-hour clock.
|
/scantype: |
immediate|once |
Type of scan to perform:
|
/statuswindow: |
1|0|true|false|yes|no |
Set to TRUE to show the status window |
/substServer: |
(ServerName) |
Used to specify the server name for processing. By default, the NETBIOS name of the server is used. This value must match one of the server names listed on the “Servers” tab within the Account Administration page. |
/verify: |
1|0|true|false|yes|no |
True to verify all operations without actually performing an update. Use this with the status window to verify option settings before actually performing them. |
/? |
|
Displays the usage information for this application. |
/help |
|
Displays the usage information for this application. |
By default, when no parameters are passed, the following settings will be applied:
SharePointFileProcessor /statuswindow:true /scantype:immediate /rekey:false /verify:false /debuglevel:errors /substServer:(machine name)