Solved

Auditing and Event Viewer

Posted on 2006-03-21
Last Modified: 2012-08-14
Hello All

We have recently enabled auditing on our file server.  I am noticing that we get quite a few events each time a file is created, deleted, etc.  I have noted that Event ID 560 is associated with a file modification, but I also receive them for other actions.  I need to be able to look at the Event Viewer and know what file was accessed, in what way and by whom.  My question is: how can I definitively tell which ID is for what action?

Thanks in advance
Question by:IOIT
2 Comments
 
LVL 7

Accepted Solution

by:
imacgouf earned 500 total points
ID: 16255519
Hi IOIT,

You may wish to download this freeware Event Log Explorer http://www.snapfiles.com/get/eventlogexplorer.html

Event Log Explorer allows administrators to view, monitor and analyze events recorded in the Security, System, Application and other logs. The program extends the features of the standard event log viewer by offering detailed filtering capabilities that allow you to view events by category, event ID, event type, user, as well as by date or keyword match. Event Log Explorer can also export your events as an HTML or printable text report.

Hope it helps
 
LVL 6

Assisted Solution

by:essaydave
essaydave earned 500 total points
ID: 16257866
This page will definitively tell you what ID is for what action:

http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccscg/w2kscgcb.mspx

Just do a search for "Category: Object access" and it'll show up what the event IDs are.  

There's also EventCombMT from Microsoft available here (with a couple other handy tools in the package):

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

It's a similar kind of tool to the one mentioned above, handy for digging through logs.  And while you're digging through logs, don't forget the awesome Logparser:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Have fun :)
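
An added example, not part of the original answers: a Python parser that answers the question's "what file, in what way, by whom" from object-access events, including the delete and close events that carry only a handle and must be matched back to the earlier open. It assumes the Windows 2000/XP/Server 2003 Security log IDs and field labels; the sample events, names and the functions `parse_fields` and `summarize` are constructed for illustration.

```python
import re

# Object-access event IDs on Windows 2000/XP/Server 2003 (OS generation is assumed).
OBJECT_ACCESS_EVENTS = {
    560: "Object Open (accesses requested when the handle was granted)",
    562: "Handle Closed",
    563: "Object Open for Delete",
    564: "Object Deleted",
    567: "Object Access Attempt (access actually used; XP/2003 only)",
}

# Constructed sample: (event ID, description text) in chronological order.
SAMPLE_EVENTS = [
    (560, "Object Open:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n"
          "\tObject Name:\tD:\\Shares\\Finance\\budget.xls\n\tHandle ID:\t1532\n"
          "\tProcess ID:\t4\n\tClient User Name:\tjdoe\n\tClient Domain:\tEXAMPLE\n"
          "\tAccesses:\tDELETE\n\t\t\tReadAttributes\n\tPrivileges:\t-\n"),
    (564, "Object Deleted:\n\tObject Server:\tSecurity\n\tHandle ID:\t1532\n\tProcess ID:\t4\n"),
    (562, "Handle Closed:\n\tObject Server:\tSecurity\n\tHandle ID:\t1532\n\tProcess ID:\t4\n"),
]

def parse_fields(description):
    """Map 'Label:<tab>value' lines to lists; unlabeled lines continue the last field."""
    fields, last = {}, None
    for line in description.splitlines()[1:]:      # skip the heading line
        m = re.match(r"\s*([A-Za-z ]+):\s*(.*)$", line)
        if m:
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()]
        elif last and line.strip():
            fields[last].append(line.strip())
    return fields

def summarize(events):
    """Report file, user and action per event; 562/564 carry no file name,
    so they are resolved through the (Process ID, Handle ID) of the earlier open."""
    handles, report = {}, []
    for event_id, description in events:
        f = parse_fields(description)
        key = (f.get("Process ID", ["?"])[0], f.get("Handle ID", ["?"])[0])
        if event_id in (560, 563):
            handles[key] = (f["Object Name"][0], f["Client User Name"][0],
                            f.get("Accesses", []))
        name, user, accesses = handles.get(key, ("<unknown>", "<unknown>", []))
        report.append({"id": event_id, "file": name, "user": user, "accesses": accesses,
                       "action": OBJECT_ACCESS_EVENTS.get(event_id, "not object access")})
        if event_id == 562:
            handles.pop(key, None)                  # handle values are reused after close
    return report
```

Event 560 records the accesses requested when the file was opened, which is why it appears for many different actions; the Accesses list and any following 564 for the same handle show what was actually asked for or done.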