ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    File Server Auditing

    IT Discussion
    11
    22
    2576
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403
      DustinB3403 last edited by

      Start by enabling file share auditing.

      🙂

      1 Reply Last reply Reply Quote 3
      • wirestyle22
        wirestyle22 last edited by wirestyle22

        @DustinB3403 is right. I just filter by event ID. I'd be interested to see if anyone is doing it differently though.

        1 Reply Last reply Reply Quote 0
        • A
          Alex Sage last edited by

          @DustinB3403 @wirestyle22 Does that mean I have to read the whole log just to get infomation about 1 users, or 1 folder? I am looking for something easy, like PrintLogger by PaperCut 🙂

          wirestyle22 scottalanmiller 2 Replies Last reply Reply Quote 0
          • A
            Alex Sage last edited by

            Readability is a big one for me 🙂

            DustinB3403 1 Reply Last reply Reply Quote 0
            • DustinB3403
              DustinB3403 @Alex Sage last edited by

              @aaronstuder said in File Server Auditing:

              Readability is a big one for me 🙂

              Zabbix might work for this.

              1 Reply Last reply Reply Quote 0
              • wirestyle22
                wirestyle22 @Alex Sage last edited by

                @aaronstuder said in File Server Auditing:

                @DustinB3403 @wirestyle22 Does that mean I have to read the whole log just to get infomation about 1 users, or 1 folder? I am looking for something easy, like PrintLogger by PaperCut 🙂

                I just filter the results

                1 Reply Last reply Reply Quote 0
                • scottalanmiller
                  scottalanmiller @Alex Sage last edited by

                  @aaronstuder said in File Server Auditing:

                  @DustinB3403 @wirestyle22 Does that mean I have to read the whole log just to get infomation about 1 users, or 1 folder? I am looking for something easy, like PrintLogger by PaperCut 🙂

                  Send the logs to Loggly, ELK or Splunk.

                  A 1 Reply Last reply Reply Quote 1
                  • A
                    Alex Sage @scottalanmiller last edited by

                    @scottalanmiller This is windows 😉

                    scottalanmiller 1 Reply Last reply Reply Quote 0
                    • A
                      Alex Sage last edited by

                      Anyone have a good guide? I see a bunch, but I want a good one 😉

                      1 Reply Last reply Reply Quote 0
                      • scottalanmiller
                        scottalanmiller @Alex Sage last edited by

                        @aaronstuder said in File Server Auditing:

                        @scottalanmiller This is windows 😉

                        I know. That's why I advised the above.

                        MattSpeller 1 Reply Last reply Reply Quote 2
                        • MattSpeller
                          MattSpeller @scottalanmiller last edited by

                          @scottalanmiller said in File Server Auditing:

                          @aaronstuder said in File Server Auditing:

                          @scottalanmiller This is windows 😉

                          I know. That's why I advised the above.

                          Technically, the below

                          JaredBusch 1 Reply Last reply Reply Quote 0
                          • JaredBusch
                            JaredBusch @MattSpeller last edited by

                            @MattSpeller said in File Server Auditing:

                            @scottalanmiller said in File Server Auditing:

                            @aaronstuder said in File Server Auditing:

                            @scottalanmiller This is windows 😉

                            I know. That's why I advised the above.

                            Technically, the below

                            Above for the default view.

                            1 Reply Last reply Reply Quote 1
                            • J
                              joelbarlow40 last edited by joelbarlow40

                              For enabling the audit settings, please refer to:

                              Configuring Audit Policies

                              http://technet.microsoft.com/en-us/library/dd277403.aspx

                              Apply or modify auditing policy settings for a local file or folder

                              https://technet.microsoft.com/en-us/library/cc771070(v=ws.11).aspx

                              1 Reply Last reply Reply Quote 0
                              • vhinzsanchez
                                vhinzsanchez last edited by

                                Had enabled auditing in my server. I filter based on my notes:

                                • 4663 - Attempt was made to an object.
                                • 4660 - An object was deleted
                                • 5140 - A network share object was accessed.
                                • Filter using the code 4663 then on result, find the file.

                                However, logs do tend to get big. Initially, I have configured it to a max of 13GB but has now adjusted to 5.24GB for a week of logs

                                1 Reply Last reply Reply Quote 0
                                • vhinzsanchez
                                  vhinzsanchez last edited by

                                  I've read about Netwrix as well, however I'm critical on those I install on my servers

                                  Topic in SW:
                                  https://community.spiceworks.com/topic/1967683-free-file-auditing-software

                                  akp982 1 Reply Last reply Reply Quote 0
                                  • akp982
                                    akp982 @vhinzsanchez last edited by

                                    @vhinzsanchez said in File Server Auditing:

                                    I've read about Netwrix as well, however I'm critical on those I install on my servers

                                    Topic in SW:
                                    https://community.spiceworks.com/topic/1967683-free-file-auditing-software

                                    I've just started using Netwrix on my file servers, seems to work really well and doesn't have much overhead. It can email alert if there are a large number of changes. Fully searchable and can use SQL as a database backend if you have one already setup. If not it uses I believe an access database (don't hold me to that).

                                    It uses the window auditing log to get info about the changes which means its trying to engineer anything new in and will setup the auditing for you on install.

                                    Was really quick to setup and come in fairly cheap 🙂

                                    Goes back to lerking...

                                    scottalanmiller wirestyle22 A 3 Replies Last reply Reply Quote 2
                                    • scottalanmiller
                                      scottalanmiller @akp982 last edited by

                                      @akp982 said in File Server Auditing:

                                      @vhinzsanchez said in File Server Auditing:

                                      I've read about Netwrix as well, however I'm critical on those I install on my servers

                                      Topic in SW:
                                      https://community.spiceworks.com/topic/1967683-free-file-auditing-software

                                      I've just started using Netwrix on my file servers, seems to work really well and doesn't have much overhead. It can email alert if there are a large number of changes. Fully searchable and can use SQL as a database backend if you have one already setup. If not it uses I believe an access database (don't hold me to that).

                                      It uses the window auditing log to get info about the changes which means its trying to engineer anything new in and will setup the auditing for you on install.

                                      Was really quick to setup and come in fairly cheap 🙂

                                      Goes back to lerking...

                                      Whoa, we were just talking about you too!

                                      1 Reply Last reply Reply Quote 0
                                      • wirestyle22
                                        wirestyle22 @akp982 last edited by

                                        @akp982 said in File Server Auditing:

                                        @vhinzsanchez said in File Server Auditing:

                                        I've read about Netwrix as well, however I'm critical on those I install on my servers

                                        Topic in SW:
                                        https://community.spiceworks.com/topic/1967683-free-file-auditing-software

                                        I've just started using Netwrix on my file servers, seems to work really well and doesn't have much overhead. It can email alert if there are a large number of changes. Fully searchable and can use SQL as a database backend if you have one already setup. If not it uses I believe an access database (don't hold me to that).

                                        It uses the window auditing log to get info about the changes which means its trying to engineer anything new in and will setup the auditing for you on install.

                                        Was really quick to setup and come in fairly cheap 🙂

                                        Goes back to lerking...

                                        Interesting. I should play around with that.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          aidan_walsh @akp982 last edited by

                                          @akp982 said in File Server Auditing:

                                          @vhinzsanchez said in File Server Auditing:

                                          I've read about Netwrix as well, however I'm critical on those I install on my servers

                                          Topic in SW:
                                          https://community.spiceworks.com/topic/1967683-free-file-auditing-software

                                          I've just started using Netwrix on my file servers, seems to work really well and doesn't have much overhead. It can email alert if there are a large number of changes. Fully searchable and can use SQL as a database backend if you have one already setup. If not it uses I believe an access database (don't hold me to that).

                                          It uses the window auditing log to get info about the changes which means its trying to engineer anything new in and will setup the auditing for you on install.

                                          Was really quick to setup and come in fairly cheap 🙂

                                          Goes back to lerking...

                                          How much use is this without the "who" functionality?

                                          1 Reply Last reply Reply Quote 0
                                          • momurda
                                            momurda last edited by

                                            Netwrix is a great tool. I dont use it now but have before. It was quite inexpensive as well, not sure these days.

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post