File Auditing
-
I was wondering if anyone is doing file auditing, and what they were using for it. (Locally on a Windows 10 machine.)
I have a need to watch a few folders and get simple reports on who accessed what files, and potentially what they did to them. (I know this is really two separate tasks.)
I know this is possible from the OS itself, but I've always found doing this through Event Viewer (or even a program like Splunk) a little tedious.
I also know there are programs out there to do this, but often these are very, very expensive.
So as always, I am sure there is either a way I am missing, or some great idea/program ML has that will accomplish this. Or just tell me to suck it up and use Event Viewer.
-
Sounds like a good use of ELK.
-
Yup, sounds like an itch waiting for ELK to scratch it. Or Logg.ly if you are using them.
-
Well, I could use Splunk as well.
I admittedly was looking for something "easy" ... plug and play, so to speak.
But I guess I find myself at the intersection of ease and cost.
-
Did @scottalanmiller make a guide on how to set up ELK and getting logging started?
-
@scottalanmiller said in File Auditing:
Yup, sounds like an itch waiting for ELK to scratch it. Or Logg.ly if you are using them.
BTW: I gave up on piping XS to Logg.ly. I found a bug in their software, and it appears it is only fixed in the paid version.
They wanted me to trial the paid version and test, but I had already moved it to Splunk.
I'll go back and do the testing for them though, in a few days.
-
@DustinB3403 said in File Auditing:
Did @scottalanmiller make a guide on how to set up ELK and getting logging started?
It's still waiting for the last part... the bit that sends the logs to the server. If I had actually set it up before myself I'd finish it, but alas, it's an rsyslog world for me.
-
Please follow the instructions mentioned in the below TechNet articles and apply the same to track all activities: http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx
Apply or Modify Auditing Policy Settings for a Local File or Folder
https://technet.microsoft.com/en-us/library/cc771070.aspx
-
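The native auditing that the TechNet articles above describe, scripted end to end as an added example that is not from any poster in this thread: it enables the File System audit subcategory, adds an audit entry to one folder, and turns Security event 4663 into a who/what/when report. The folder path, the function name `Get-FileAuditReport` and the CSV location are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt. $Folder is a placeholder path.
$Folder = 'C:\Shares\Finance'

# 1. Enable the "File System" audit subcategory so access attempts are logged.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit (SACL) entry to the folder, inherited by its subfolders and files.
#    Auditing reads for Everyone is noisy; drop ReadData if only changes matter.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'ReadData, WriteData, AppendData, Delete',
    'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Turn event 4663 ("An attempt was made to access an object") into report rows.
$AccessBits = @{ 0x1 = 'Read'; 0x2 = 'Write'; 0x4 = 'Append'; 0x10000 = 'Delete' }

function Get-FileAuditReport {
    param([string]$Path, [datetime]$Since = (Get-Date).AddDays(-1))
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        $d = @{}   # EventData name/value pairs, e.g. SubjectUserName, ObjectName
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # Keep only events for objects under the audited folder.
        if (-not ([string]$d.ObjectName).StartsWith($Path,
                [System.StringComparison]::OrdinalIgnoreCase)) { return }
        $mask = [Convert]::ToInt32($d.AccessMask, 16)   # logged as hex, e.g. 0x2
        $actions = $AccessBits.Keys | Sort-Object | Where-Object { $mask -band $_ } |
                   ForEach-Object { $AccessBits[$_] }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            User    = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
            File    = $d.ObjectName
            Actions = $actions -join ','
            Process = $d.ProcessName
        }
    }
}

# Who touched what in the last day, written as a simple CSV report.
Get-FileAuditReport -Path $Folder |
    Sort-Object Time |
    Export-Csv -Path "$env:TEMP\file-audit.csv" -NoTypeInformation
```
-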
@DustinB3403 said in File Auditing:
Did @scottalanmiller make a guide on how to set up ELK and getting logging started?
I did. It's on here somewhere.
I prefer Graylog in most cases, though. It's come a long way.