Security Log analysis / reporting tools

Posted on 2006-04-24
Last Modified: 2013-12-04
I have a Windows SBS 2003 server and would like to track user activity (such as read, create, modify on dirs & files) using the SACL of AD. Enabling an audit of directory service access writes all events to the security log. Going through this info is time-consuming and a real nightmare!

I am after a tool which does this for me so that I can query and report the security log, i.e. which user last had access to file1 or which files has user1 last edited/accessed.

Any ideas?
Question by:omb
    LVL 16

    Accepted Solution

    Note that enabling auditing of "Directory Service Access" is NOT auditing access to files and directories - it's actually auditing access to the Active Directory database.

    You want to enable "Audit Object Access" - that will allow you to go into the properties of a directory, and turn on auditing and select for which users/groups to audit.

    After that, you should start seeing data in the security log. To query it, look at MS Log Parser:

    Here's an article on using it to parse IIS logs (not exactly what you want, but might be interesting)

    Here's an overview of the different security log event IDs you'll see:

    LVL 3

    Author Comment

    Thanks for the clarification. I have now enabled "Audit Object Access" and specified which dirs I would like audited. Now, lots of events are being written to my security log.

    I have checked out MS Log Parser... looks OK but I would prefer a GUI-based program. Any ideas of other software with a nice graphical interface which could analyse and report on the security log events?

    LVL 38

    Assisted Solution

    by:Rich Rumble
    GFI's SELM is great, but costs money:
    And yes, you should turn up the logging if you're using the default that the OS uses out of the box.
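
The two reports asked for in the question (who last accessed a given file, and which files a given user last touched), as an added example that is not code from any poster in this thread. It assumes the Security log has been exported to CSV with the column names shown; that layout and the sample rows are constructed for illustration, and 560 is the Windows Server 2003 "Object Open" event ID.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; the column layout is an assumption, not a tool's format.
SAMPLE = r"""TimeGenerated,EventID,User,ObjectName,Accesses
2006-04-24 09:01:12,560,SBS\user1,D:\Shares\Finance\file1.xls,ReadData (or ListDirectory)
2006-04-24 09:05:40,560,SBS\user2,D:\Shares\Finance\file1.xls,WriteData (or AddFile)
2006-04-24 09:07:03,562,SBS\user2,,
2006-04-24 10:15:29,560,SBS\user1,D:\Shares\Finance\budget.doc,WriteData (or AddFile)
2006-04-24 11:42:55,560,SBS\USER1,d:\shares\finance\FILE1.XLS,ReadData (or ListDirectory)
2006-04-24 11:43:10,560,SBS\SERVER$,D:\Shares\Finance\file1.xls,ReadData (or ListDirectory)
"""

OBJECT_OPEN = 560  # Windows Server 2003 "Object Open" audit event


def load_events(text):
    """Keep object-open records for user accounts, normalised and time-ordered."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        user = row["User"].lower()
        if int(row["EventID"]) != OBJECT_OPEN or user.endswith("$"):
            continue  # drop other event IDs and computer accounts (name ends in $)
        events.append({
            "time": datetime.strptime(row["TimeGenerated"], "%Y-%m-%d %H:%M:%S"),
            "user": user,
            "path": row["ObjectName"].lower(),  # Windows paths compare case-insensitively
            "accesses": row["Accesses"],
        })
    return sorted(events, key=lambda e: e["time"])


def last_access_per_file(events):
    """'Which user last had access to file1': path -> most recent event."""
    latest = {}
    for e in events:  # time-ordered, so later events overwrite earlier ones
        latest[e["path"]] = e
    return latest


def files_for_user(events, user):
    """'Which files has user1 last accessed': newest first, one entry per path."""
    seen = {}
    for e in reversed(events):
        if e["user"] == user.lower():
            seen.setdefault(e["path"], e)
    return list(seen.values())


if __name__ == "__main__":
    evts = load_events(SAMPLE)
    for path, e in last_access_per_file(evts).items():
        print(f"{path}: {e['user']} at {e['time']} ({e['accesses']})")
```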
