
    Windows Server 2012 R2 File Auditing...thingy

    • L
      LAH3385 @dafyre
      last edited by

      @dafyre said:

      @LAH3385 said:

      Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

      If you only need it to run for a few days, then this should be fine...

      I don't know of any other utilities that will work for this.

      He wants to run it for months.. or forever. Not much of an audit.. more like a report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

      • wirestyle22W
        wirestyle22 @LAH3385
        last edited by

        @LAH3385 said:

        @dafyre said:

        @LAH3385 said:

        Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

        If you only need it to run for a few days, then this should be fine...

        I don't know of any other utilities that will work for this.

        He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

        Okay, but you mean have logs constantly being generated and then stored...forever? To be referenced forever?

        • scottalanmillerS
          scottalanmiller @LAH3385
          last edited by

          @LAH3385 said:

          Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

          Well.... auditing creates a lot of logs. What do you want to audit that would not create a lot of logs?

          What's the issue with so many logs?

          • scottalanmillerS
            scottalanmiller @LAH3385
            last edited by

            @LAH3385 said:

            @dafyre said:

            @LAH3385 said:

            Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

            If you only need it to run for a few days, then this should be fine...

            I don't know of any other utilities that will work for this.

            He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

            Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

            • L
              LAH3385 @scottalanmiller
              last edited by

              @scottalanmiller said:

              @LAH3385 said:

              @dafyre said:

              @LAH3385 said:

              Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

              If you only need it to run for a few days, then this should be fine...

              I don't know of any other utilities that will work for this.

              He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

              Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

              He's the kind of guy that asks a question and expects an answer. Like, who moved this file? He wants a name. Without a timeframe I can be digging through hundreds of logs.

              • dafyreD
                dafyre @LAH3385
                last edited by

                @LAH3385 said:

                @scottalanmiller said:

                @LAH3385 said:

                @dafyre said:

                @LAH3385 said:

                Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                If you only need it to run for a few days, then this should be fine...

                I don't know of any other utilities that will work for this.

                He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                Sure you can... Filter the Windows Event Viewer and search for the name of the file... Print list, give to boss?

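The "search for the name of the file" step suggested in the post above can be scripted instead of done in Event Viewer. This is an added example, not part of any post in the thread: the function names and the `Budget.xlsx` file name are hypothetical, and it assumes file system auditing is already enabled so that the Security log contains event ID 4663.

```powershell
# Added example, not from the thread. Assumes object-access auditing
# ("Audit File System") is on and the folder has an auditing entry (SACL),
# so the Security log holds event ID 4663. Run from an elevated prompt.

# File-access bits carried in the AccessMask field of event 4663.
$AccessBits = @{
    0x1     = 'ReadData'
    0x2     = 'WriteData'
    0x4     = 'AppendData'
    0x10000 = 'DELETE'
    0x40000 = 'WRITE_DAC'
    0x80000 = 'WRITE_OWNER'
}

# Hypothetical helper: turn the logged hex mask into readable access names.
function ConvertTo-AccessName {
    param([string] $Mask)              # hex string as logged, e.g. '0x10000'
    $value = [Convert]::ToInt32($Mask, 16)
    $names = foreach ($bit in ($AccessBits.Keys | Sort-Object)) {
        if ($value -band $bit) { $AccessBits[$bit] }
    }
    if ($names) { $names -join '+' } else { $Mask }
}

# Hypothetical helper: one row per 4663 event whose path matches the pattern.
function Get-FileAuditReport {
    param(
        [Parameter(Mandatory)] [string] $NamePattern,   # wildcard, e.g. '*\Budget.xlsx'
        [datetime] $After = (Get-Date).AddDays(-30),
        [string]   $ComputerName = $env:COMPUTERNAME
    )
    # Filter by log, event ID and time on the server side; the event log's
    # XPath dialect has no substring match, so the path is matched below.
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $After }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
            $data = @{}
            foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$node.Name] = $node.'#text'
            }
            if ($data['ObjectName'] -like $NamePattern) {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    Access  = ConvertTo-AccessName $data['AccessMask']
                    Object  = $data['ObjectName']
                    Process = $data['ProcessName']
                }
            }
        }
}

# "Who moved this file?" A move or rename requests DELETE access on the
# original path, so keep only those rows and write them out as a report.
Get-FileAuditReport -NamePattern '*\Budget.xlsx' |
    Where-Object { $_.Access -match 'DELETE' } |
    Sort-Object Time |
    Export-Csv -NoTypeInformation -Path .\who-touched-budget.csv
```

The query only reaches back as far as the local Security log retains events, which is the retention limit the thread goes on to discuss.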
                • scottalanmillerS
                  scottalanmiller @LAH3385
                  last edited by

                  @LAH3385 said:

                  @scottalanmiller said:

                  @LAH3385 said:

                  @dafyre said:

                  @LAH3385 said:

                  Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                  If you only need it to run for a few days, then this should be fine...

                  I don't know of any other utilities that will work for this.

                  He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                  Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                  He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                  But given what he wants, you have to dig through hundreds of logs. I mean... what data do you want to NOT collect that you are sure that he will not ask about?

                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Wouldn't you just pop in the search term and be done? What is the issue with high volume?

                    • wirestyle22W
                      wirestyle22 @LAH3385
                      last edited by

                      @LAH3385 said:

                      @scottalanmiller said:

                      @LAH3385 said:

                      @dafyre said:

                      @LAH3385 said:

                      Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                      If you only need it to run for a few days, then this should be fine...

                      I don't know of any other utilities that will work for this.

                      He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                      Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                      He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                      This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                      • scottalanmillerS
                        scottalanmiller @wirestyle22
                        last edited by

                        @wirestyle22 said:

                        @LAH3385 said:

                        @scottalanmiller said:

                        @LAH3385 said:

                        @dafyre said:

                        @LAH3385 said:

                        Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                        If you only need it to run for a few days, then this should be fine...

                        I don't know of any other utilities that will work for this.

                        He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                        Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                        He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                        This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                        Well you store it in your logging system, of course, like you always should.

                        • wirestyle22W
                          wirestyle22 @scottalanmiller
                          last edited by wirestyle22

                          @scottalanmiller said:

                          @wirestyle22 said:

                          @LAH3385 said:

                          @scottalanmiller said:

                          @LAH3385 said:

                          @dafyre said:

                          @LAH3385 said:

                          Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                          If you only need it to run for a few days, then this should be fine...

                          I don't know of any other utilities that will work for this.

                          He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                          Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                          He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                          This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                          Well you store it in your logging system, of course, like you always should.

                          From his explanation it would seem like it's infinite logs, in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                          • dafyreD
                            dafyre @wirestyle22
                            last edited by

                            @wirestyle22 said:

                            @scottalanmiller said:

                            @wirestyle22 said:

                            @LAH3385 said:

                            @scottalanmiller said:

                            @LAH3385 said:

                            @dafyre said:

                            @LAH3385 said:

                            Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                            If you only need it to run for a few days, then this should be fine...

                            I don't know of any other utilities that will work for this.

                            He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                            Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                            He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                            This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                            Well you store it in your logging system, of course, like you always should.

                            From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                            Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?

                            • scottalanmillerS
                              scottalanmiller @wirestyle22
                              last edited by

                              @wirestyle22 said:

                              @scottalanmiller said:

                              @wirestyle22 said:

                              @LAH3385 said:

                              @scottalanmiller said:

                              @LAH3385 said:

                              @dafyre said:

                              @LAH3385 said:

                              Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                              If you only need it to run for a few days, then this should be fine...

                              I don't know of any other utilities that will work for this.

                              He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                              Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                              He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                              This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                              Well you store it in your logging system, of course, like you always should.

                              From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                              Well no, you always use a logging system. A file server would just be a disaster in every possible way. This is a very simple issue, you just send it to ELK, ELG, or whatever system you want.

                              • scottalanmillerS
                                scottalanmiller @dafyre
                                last edited by

                                @dafyre said:

                                @wirestyle22 said:

                                @scottalanmiller said:

                                @wirestyle22 said:

                                @LAH3385 said:

                                @scottalanmiller said:

                                @LAH3385 said:

                                @dafyre said:

                                @LAH3385 said:

                                Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                                If you only need it to run for a few days, then this should be fine...

                                I don't know of any other utilities that will work for this.

                                He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                                Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                                He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                                This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                                Well you store it in your logging system, of course, like you always should.

                                From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                                Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?

                                By default, yes. But you should not have your logs remaining local, you send it to your logging system and set retention there.

                                • wirestyle22W
                                  wirestyle22 @dafyre
                                  last edited by wirestyle22

                                  @dafyre said:

                                  @wirestyle22 said:

                                  @scottalanmiller said:

                                  @wirestyle22 said:

                                  @LAH3385 said:

                                  @scottalanmiller said:

                                  @LAH3385 said:

                                  @dafyre said:

                                  @LAH3385 said:

                                  Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                                  If you only need it to run for a few days, then this should be fine...

                                  I don't know of any other utilities that will work for this.

                                  He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                                  Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                                  He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                                  This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                                  Well you store it in your logging system, of course, like you always should.

                                  From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                                  Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?

                                  Yes that is true (by default) but I was saying he would need to save the logs to be referenced later. Scott has a better idea though detailed below. Thank you @scottalanmiller This is exactly why I wanted him to wait. Appreciate it.

                                  • dafyreD
                                    dafyre @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    @dafyre said:

                                    @wirestyle22 said:

                                    @scottalanmiller said:

                                    @wirestyle22 said:

                                    @LAH3385 said:

                                    @scottalanmiller said:

                                    @LAH3385 said:

                                    @dafyre said:

                                    @LAH3385 said:

                                    Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.

                                    If you only need it to run for a few days, then this should be fine...

                                    I don't know of any other utilities that will work for this.

                                    He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.

                                    Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?

                                    He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.

                                    This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.

                                    Well you store it in your logging system, of course, like you always should.

                                    From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case

                                    Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?

                                    By default, yes. But you should not have your logs remaining local, you send it to your logging system and set retention there.

                                    COUGH ELK Server COUGH

                                    • dafyreD
                                      dafyre
                                      last edited by

                                      I just got an email this morning from Netwrix. They have a File Change Notifier tool that is free....

                                      https://start.netwrix.com/free_tool_for_change_auditing_of_file_servers.html

                                      Test it out and see if you like it. I haven't been bombarded by spam emails or phone calls from them.

                                      • scottalanmillerS
                                        scottalanmiller @dafyre
                                        last edited by

                                        @dafyre Nice

                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          I get so many emails from Netwrix that everything goes directly to the bin.

                                          • dafyreD
                                            dafyre @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            I get so many emails from Netwrix that everything goes directly to the bin.

                                            Ha ha ha. You should probably have a word with them about that. 😉

                                            I get like one or two a month, I think.
