Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: RE: [ActiveDir] [OT] Simple and clear FILESYSTEM auditing
Prev Next
You are not authorized to post a reply.

AuthorMessages
listmailUser is Offline

Posts:496

04/23/2008 10:00 AM  
Changed the subject a bit to make it more clear what this is about


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



_____

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Matt Beaman
Sent: Wednesday, April 23, 2008 8:00 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Simple and clear auditing


Hi there,

Looking for the simplest way (and best practice) to enable accurate and
simplified auditing to track access to folders and files.

Currently i've turned on all the audit options through "security",
"advanced", "auditing" and "add".

This results in a load of 560 id events, which seem to list every file
within the "my documents" folder within a space of seconds. This clearly
doesn't mean all the files have been accessed by a specific user, but maybe
the "my documents" folder accessed. Also have numerous entires for
desktop.ini etc.

Question is how to setup soley to report when files are accessed?

Further question is what is the best use of event id to montior user logon
and off (540, 538 etc) and also to differentiate between system processes
and tasks (maybe with that user account) against accurate timings of the
user logging on and off?

If there are any tools or products that can further expand on these issues,
that would also be of help,

Cheers,

Matt

**************************************************************************
The information contained in this e-mail may be subject to public
disclosure under the Freedom of Information Act 2000.
Additionally, this email and any attachment are confidential and
intended solely for the use of the individual to whom they are
addressed. If you are not the intended recipient, be advised that
you have received this email and any attachment in error, and
that any use, dissemination, forwarding, printing, or copying, is
strictly prohibited.
**************************************************************************


You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > RE: [ActiveDir] [OT] Simple and clear FILESYSTEM auditing



ActiveForums 3.7
AdventNet Banner
Friends

Friends

Namescape
Members

Members

MembershipMembership:
Latest New UserLatest:kosciesza69
New TodayNew Today:3
New YesterdayNew Yesterday:1
User CountOverall:4319
People OnlinePeople Online:
VisitorsVisitors:83
MembersMembers:0
TotalTotal:83
Online NowOnline Now:

Ads

Copyright 2008 ActiveDir.org
Terms Of Use