Subject: RE: [ActiveDir] [OT] Simple and clear FILESYSTEM auditing

Author: andymwood
Posted: 04/23/2008 11:11 AM
I've used Rippletech's Logcaster in the past to do this very thing - you can
use the service to monitor event logs from multiple servers, and then have
rules on the event processing to filter out the information to determine
file accesses.



It works for any events - the filtering function allowed a variety of
functions, even down to checking the text of the event description.



Very handy.



hth



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: 23 April 2008 14:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] Simple and clear FILESYSTEM auditing



Changed the subject a bit to make it more clear what this is about





--

O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm







_____

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Matt Beaman
Sent: Wednesday, April 23, 2008 8:00 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Simple and clear auditing

Hi there,



Looking for the simplest way (and best practice) to enable accurate and
simplified auditing to track access to folders and files.



Currently I've turned on all the audit options through "security",
"advanced", "auditing" and "add".



This results in a load of 560 id events, which seem to list every file
within the "my documents" folder within a space of seconds. This clearly
doesn't mean all the files have been accessed by a specific user, but maybe
the "my documents" folder accessed. Also have numerous entries for
desktop.ini etc.



Question is how to set up solely to report when files are accessed?



Further question is what is the best use of event id to monitor user logon
and off (540, 538 etc) and also to differentiate between system processes
and tasks (maybe with that user account) against accurate timings of the
user logging on and off?



If there are any tools or products that can further expand on these issues,
that would also be of help,



Cheers,



Matt
