Windows Server 2012 R2 File Auditing...thingy
-
@MattSpeller said:
@wirestyle22 For sure it'll be some screwy folder permissions thing at which point I'd rather poke myself in the eye. Wonder if there's FOS software for this yet.
I think what I said is accurate
-
@wirestyle22 said:
@MattSpeller said:
@wirestyle22 For sure it'll be some screwy folder permissions thing at which point I'd rather poke myself in the eye. Wonder if there's FOS software for this yet.
I think what I said is accurate
Easy enough to test - @LAH3385 I'd set up a small folder to try and see how it works
-
@LAH3385 Yeah. Test it and see. I'm 99% sure this will work.
-
Yea. What makes it bad is that it goes and creates a whole bunch of Windows Event Viewer logs. I'd not leave it enabled on many folders without a specific reason.
-
@dafyre said:
Yea. What makes it bad is that it goes and creates a whole bunch of Windows Event Viewer logs. I'd not leave it enabled on many folders without a specific reason.
Only over x amount of time right? A few days I believe.
-
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
-
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
-
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
Not really. This is what I do.
-
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
-
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Okay, but you mean have logs constantly being generated and then stored...forever? To be referenced forever?
-
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
Well.... auditing creates a lot of logs. What do you want to audit that would not create a lot of logs?
What's the issue with so many logs?
-
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
-
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
-
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
Sure you can... Filter the Windows Event Viewer and search for the name of the file... Print list, give to boss?
-
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
But given what he wants, you have to dig through hundreds of logs. I mean... what data do you want to NOT collect that you are sure that he will not ask about?
-
Wouldn't you just pop in the search term and be done? What is the issue with high volume?
-
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
-
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
-
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation it would seem like it's infinite logs, in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case.
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Besides this kind of auditing... is there any other way to audit a folder using a third-party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months... or forever. Not much of an audit... more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation it would seem like it's infinite logs, in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case.
Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?
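-
The approach suggested in the thread (filter the event log for the file name and hand over the list), together with the rolling-log question in the last post, as an added PowerShell example that is not part of any post above. It assumes object-access auditing is already enabled on the folder and that file access is recorded in the Security log as event ID 4663; the function name, share path and CSV file name are hypothetical.

```powershell
# Added example, not from the thread. Run elevated: reading the Security log requires it.
function Get-FileAuditReport {
    param(
        [Parameter(Mandatory)] [string] $PathPattern,      # wildcard matched against the audited path
        [datetime] $Since = (Get-Date).AddDays(-7)          # bound the search window
    )
    # Common file access bits found in the AccessMask field of event 4663
    $rights = [ordered]@{ 0x1 = 'Read'; 0x2 = 'Write'; 0x4 = 'Append'; 0x10000 = 'Delete'
                          0x40000 = 'ChangePermissions'; 0x80000 = 'TakeOwnership' }

    # 4663 = "An attempt was made to access an object"; filtering by Id and StartTime
    # happens inside the event log service, so only candidate records are returned.
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }

    # SilentlyContinue: an empty result set is reported as an error by Get-WinEvent
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt  = $_
        $data = @{}
        # Read EventData fields by name rather than by position
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectName'] -notlike $PathPattern) { return }   # skip other files

        $mask  = [Convert]::ToInt32($data['AccessMask'], 16)         # field looks like 0x10000
        $names = foreach ($bit in $rights.Keys) { if ($mask -band $bit) { $rights[$bit] } }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            File    = $data['ObjectName']
            Access  = ($names -join ',')
            Process = $data['ProcessName']
        }
    }
}

# Who touched anything under a (hypothetical) share in the last 30 days, as a CSV
Get-FileAuditReport -PathPattern '*\Shares\Finance\*' -Since (Get-Date).AddDays(-30) |
    Sort-Object Time | Export-Csv -Path .\finance-audit.csv -NoTypeInformation

# Rolling-log check: LogMode 'Circular' means the oldest records are overwritten
# once the file reaches MaximumSizeInBytes, so history only goes back that far.
Get-WinEvent -ListLog Security |
    Select-Object LogName, LogMode, MaximumSizeInBytes, FileSize, RecordCount
```

If the answers have to reach back further than the Security log's size allows, the events need to be forwarded or exported to separate storage before they are overwritten.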