SBS 2003 file access auditing / monitoring

I would like to be able to monitor/audit the file activity of users within an SBS 2003 network (who changes what, where and when). I know there is a monitoring feature in Windows 2003 Server which writes to the Security Log - however, I don't know much about this and whether it delivers nice reports of this info... I haven't got the time to spend lots of time going through event logs.

Is there a feature in SBS which can deliver me reports of who's doing what (in a nice readable format) on our network? If not, any recommendations of tools which I can install (would be nice if they were opensource/freeware ;O) ).

Thanks for your comments.

omb Asked:
victornegri Commented:
You can enable auditing on anything on your SBS server (the one that goes to the security log) but it's a pain to read and filter for events that are worth looking at. A program I use to parse the event logs is GFI Event Log Monitor (gfi.com). You can set it to monitor for any event log id and email you with the pertinent events.
bluntguy76 Commented:
If you run SBS 2003 you might want to take a look at a product called "Health Monitor", installed by default.
It is part of a bigger software package called Application Center 2000 (SBS 2003 only has the health monitoring module, though).

Anyways, this tool allows you to receive a bunch of stats daily/weekly to an email address. Pretty neat for a small environment.

omb (Author) Commented:
Thanks for the feedback.

victornegri: Does GFI Event Log Monitor take all the logging info out of the Security Log and make it more readable? With this product can I easily see file access info for my fileserver (who did what to which file and when)?

bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?
victornegri Commented:
It won't tell you any more information than an event in the security log (which does tell you who did what to which file and when). You can, however, set it to only monitor for these events after-hours or only on a specific server, etc.
omb (Author) Commented:
What I am after is a tool to analyse the Security Log so that I can query and report it i.e. which user last had access to file1 or which files has user1 last edited/accessed? Will the GFI solution help me here?
victornegri Commented:
Yes. There's a tool (that comes with the package) called GFI Reporter (or something like that) where you can create custom reports based on whatever criteria you want.

Try the program out. Go to gfi.com and download a 30 day (I think) trial where you can monitor up to 3 servers.
bluntguy76 Commented:
bluntguy76: Can Health Monitor deliver me reports / stats of file access info for my fileserver (who did what to which file and when)?

No, it's not that "powerful".
It only monitors one server.
You can create custom reports, but they are mostly all based on WMI (all these counters that you can access through the performance console).

0
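The two queries asked for in the thread (who last accessed file1, and which files user1 last opened or edited) can be answered directly from the Security log once object-access auditing is enabled. The following is an added example, not part of the original thread and not code from GFI or Microsoft. It assumes the records are Windows Server 2003 event 560 (object open) descriptions already exported as (timestamp, event ID, description) tuples; that export layout, the sample records and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample data (not from a real log) in the field layout of event 560.
def rec(ts, eid, name, primary, client, accesses):
    return (ts, eid, "Object Open:\n\tObject Type:\tFile\n\tObject Name:\t%s\n"
            "\tPrimary User Name:\t%s\n\tClient User Name:\t%s\n"
            "\tAccesses:\t%s\n\tPrivileges:\t-\n" % (name, primary, client, accesses))

SAMPLE = [
    rec("2006-03-01 09:12:04", 560, r"D:\Shares\file1.doc", "SERVER$", "user1",
        "ReadData (or ListDirectory)"),
    rec("2006-03-01 10:30:15", 560, r"D:\Shares\file1.doc", "SERVER$", "user2",
        "READ_CONTROL\n\t\t\tWriteData (or AddFile)"),
    rec("2006-03-01 11:05:40", 560, r"D:\Shares\Budget.xls", "SERVER$", "user1",
        "WriteData (or AddFile)\n\t\t\tAppendData (or AddSubdirectory)"),
    ("2006-03-01 11:06:00", 562, "Handle Closed:\n\tHandle ID:\t1234\n"),
    rec("2006-03-01 12:00:00", 560, r"D:\Shares\file1.doc", "Administrator", "-",
        "ReadData (or ListDirectory)"),
]

FIELD = re.compile(r"^\s*([A-Za-z ]+):\t(.*)$", re.M)
ACCESSES = re.compile(r"Accesses:\t(.*?)\n\s*Privileges:", re.S)
WRITE = re.compile(r"WriteData|AppendData|DELETE")  # can change or remove content

def parse(ts, desc):
    f = {k.strip(): v.strip() for k, v in FIELD.findall(desc)}
    acc = ACCESSES.search(desc)  # the access list may span several lines
    client = f.get("Client User Name", "-")
    # Share access names the real user in the Client fields; local opens leave "-".
    user = client if client != "-" else f.get("Primary User Name", "?")
    return {"when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "user": user.lower(), "path": f.get("Object Name", "").lower(),
            "write": bool(acc and WRITE.search(acc.group(1)))}

def load(records):  # keep only object-open (560) events on files
    return [parse(ts, d) for ts, eid, d in records
            if eid == 560 and "Object Type:\tFile" in d]

def last_accessor(events, path):  # most recent open of `path`, or None
    hits = [e for e in events if e["path"] == path.lower()]
    return max(hits, key=lambda e: e["when"]) if hits else None

def files_for(events, user, writes_only=False):  # (path, last open), newest first
    latest = {}
    for e in events:
        if e["user"] == user.lower() and (e["write"] or not writes_only):
            latest[e["path"]] = max(e["when"], latest.get(e["path"], e["when"]))
    return sorted(latest.items(), key=lambda kv: kv[1], reverse=True)
```

Event 560 records the access rights requested when the file was opened, so a write hit here means the file was opened for writing, not that its contents were necessarily changed.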