Windows Server 2012 R2 File Auditing...thingy
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case
Well no, you always use a logging system. A file server would just be a disaster in every possible way. This is a very simple issue, you just send it to ELK, ELG, or whatever system you want.
-
@dafyre said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case
Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?
By default, yes. But you should not have your logs remaining local, you send it to your logging system and set retention there.
-
@dafyre said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case
Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?
Yes that is true (by default) but I was saying he would need to save the logs to be referenced later. Scott has a better idea though detailed below. Thank you @scottalanmiller This is exactly why I wanted him to wait. Appreciate it.
-
@scottalanmiller said:
@dafyre said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@LAH3385 said:
@scottalanmiller said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Beside This kind of Auditing.. is there any other way to audit a folder using third party application? I tested it out and it generated way too many event logs.
If you only need it to run for a few days, then this should be fine...
I don't know of any other utilities that will work for this.
He wants to run it for months.. or forever. Not much of an audit.. more like report. He wants to know EVERYTHING going on in the folder. I just don't know how to put the result into a report at this amount.
Well that is generally just silly, but if that is what he wants... then just give it to him. What's the issue?
He's the kind of guy that ask a question and expect an answer. Like who move this file? He wants a name. without timeframe I can be digging through hundreds of logs.
This is the way to do that. You need to just find a good place to store all of the logs. I would explain to him that you need a time-span for his expectations for seeing into the past. I wouldn't run this forever but if you get an idea of his expectations you can prepare for it.
Well you store it in your logging system, of course, like you always should.
From his explanation It would seem like it's infinite logs in which case I would move them onto a file server or something to be referenced later--unless you have a better idea, which very well may be the case
Correct me if I'm wrong, but aren't the Windows Event Logs rolling logs? They collect until the log files reach X amount of space and then clean out old records?
By default, yes. But you should not have your logs remaining local, you send it to your logging system and set retention there.
COUGH ELK Server COUGH
-
I just got an email this morning from Netwrix. They have a File Change Notifier tool that is free....
https://start.netwrix.com/free_tool_for_change_auditing_of_file_servers.html
Test it out and see if you like it. I haven't been bombarded by spam emails or phone calls from them.
-
@dafyre Nice
-
I get so many emails from Netwrix that everything goes directly to the bin.
-
@scottalanmiller said:
I get so many emails from Netwrix that everything goes directly to the bin.
Ha ha ha. You should probably have a word with them about that.
I get like one or two a month, I think.
-
Any alternative to Netwrix? Their pricing is a bit too high for us.
-
@LAH3385 said:
Any alternative to Netwrix? Their pricing is a bit too high for us.
Do you need anything other than the free one?
-
-
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Any alternative to Netwrix? Their pricing is a bit too high for us.
Do you need anything other than the free one?
It is just a notifier right? The Auditor is a paid application. Do they do the same thing?
Good point. I honestly dont' know as I have never used either. I am familiar with Netwrix for a couple of their other free tools.
I'd imagine the Notifier would have some kind of logs in it. I just saw the email this morning and thought of you.
-
@dafyre said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Any alternative to Netwrix? Their pricing is a bit too high for us.
Do you need anything other than the free one?
It is just a notifier right? The Auditor is a paid application. Do they do the same thing?
Good point. I honestly dont' know as I have never used either. I am familiar with Netwrix for a couple of their other free tools.
I'd imagine the Notifier would have some kind of logs in it. I just saw the email this morning and thought of you.
awww how nice of you
-
@LAH3385 said:
@dafyre said:
@LAH3385 said:
@dafyre said:
@LAH3385 said:
Any alternative to Netwrix? Their pricing is a bit too high for us.
Do you need anything other than the free one?
It is just a notifier right? The Auditor is a paid application. Do they do the same thing?
Good point. I honestly dont' know as I have never used either. I am familiar with Netwrix for a couple of their other free tools.
I'd imagine the Notifier would have some kind of logs in it. I just saw the email this morning and thought of you.
awww how nice of you
I try.