[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SBS 2003 file access auditing / monitoring

Posted on 2006-04-19
9
Medium Priority
?
1,367 Views
Last Modified: 2012-06-21
I would like to be able to monitor/audit the file activity of users witin an SBS 2003 network (who changes what, where and when). I know there is a monitoring feature in Windows 2003 Server which writes to the Security Log - however, I don't know much about this and whether it delivers nice reports of this info... I haven't got the time to spend lots of time going through event logs.

Is there a feature in SBS which can deliver me reports of who's doing what (in a nice readable format) on our network? If not, any recommendations of tools which I can install (would be nice if they were opensource/freeware ;O) ).

Thanks for your comments.

0
Comment
Question by:omb
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Accepted Solution

by:
victornegri earned 100 total points
ID: 16493400
You can enable auditing on anything on your SBS server (the one that goes to the security log) but it's a pain to read and filter for events that are worth looking at. A program I use to parse the event logs is GFI Event Log Monitor (gfi.com). You can set it to monitor for any event log id and email you with the pertinent events.
0
 
LVL 1

Assisted Solution

by:bluntguy76
bluntguy76 earned 100 total points
ID: 16511185
If you run SBS 2003 you might want to take a look at a product called "health monitor" installed by default.
it is part of a bigger software call application center 2000 ( SBS 2003 only has the health monitoring module though )

Anyways, this tool allows you to receive a bunch of stats daily/weekly to an email address. Pretty neat for a small environment.

0
 
LVL 3

Author Comment

by:omb
ID: 16524757
Thanks for the feedback.

victornegri: Does GFI Event Log Monitor take all the logging info out of the Security Log and make it more readible? With this product can I easily see file access info for my fileserver (who did what to which file and when)?

bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 10

Expert Comment

by:victornegri
ID: 16526265
It won't tell you anymore information than an event in the security log (which does tell you who did what to which file and when). You can, however, set it to only monitor for these events after-hours or only on a specific server, etc.
0
 
LVL 3

Author Comment

by:omb
ID: 16526465
What I am after is a tool to analyse the Security Log so that I can query and report it i.e. which user last had access to file1 or which files has user1 last edited/accessed? Will the GFI solution help me here?
0
 
LVL 10

Expert Comment

by:victornegri
ID: 16526515
Yes. There's a tool (that comes with the package) called GFI Reporter (or something like that) where you can create custom reports based on whatever criteria you want.

Try the program out. Go to gfi.com and download a 30 day (I think) trial where you can monitor up to 3 servers.
0
 
LVL 1

Expert Comment

by:bluntguy76
ID: 16544541
bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?

No it's not that "powerfull"
It only monitors one server.
You can create custom reports but there are mostly all based on the WMI ( all these counters that you can access through the performance console )

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Experts Exchange expands question security options for members.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question