Events generated on a specific target machine can be audited using the Target Machine policy. This policy contains a set of DNS names or IP addresses of the target machines, and an action flag for each machine. The action for the event generated on the specific target machine will be executed based on the corresponding action flag.
To create and associate a Target Machine policy:
Select a container.
Click New > Object > New naasTargetMachinePolicy.
Add the DNS names or IP addresses of the target machines whose actions are to be audited with the appropriate action flag for each machine.
Make this policy applicable to appropriate audited objects.
Grant the appropriate Audit agent objects Read rights to this policy.
NOTE: For auditing events generated on specific target machines, an Event policy must also be present. In the Event policy, if the filter condition for any event is set to DON'T CARE or the action flag is set to IGNORE. The Target Machine policy will not be applied for that event, and the event will be audited irrespective of the target machine from which it was generated. The filtering condition should be set to either AND or OR for the event to be audited based on the corresponding target machine.