• Status: Solved

Windows 2003 Server File Access Auditing

Hello experts, I would like to set up auditing on a few specific files. I was wondering if someone would be willing to walk me through this process. The server I would like to configure is an Active Directory domain server, serving approximately 50 users. Thank you in advance.
jtgraphic
Asked:
 
jtgraphic (Author) Commented:
Is there a way to have the log emailed to me on a regular basis automatically from the server?
star_trek Commented:
Okay, maybe you can do this: you can set the log parser and save it as a CSV or a graph. It can be scheduled to run daily or weekly. Then you can have another script, scheduled to run regularly, that will email you the log files.

 
jtgraphic (Author) Commented:
How do I save it as a graph?
 
jtgraphic (Author) Commented:
Also, the log is filling at a very fast pace and is not recording only the file I specified but all access.
 
star_trek Commented:
Script to email the audit logs. You can change this script to your requirements:

Ex:

' "." means the local computer; use a host name or IP address for a remote one
strComputer = "."
' (Security) enables the privilege needed to read the Security log
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")

' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where" _
    & " Logfile = 'Security' and Type = 'audit success'",,48)

' Errors are suppressed from here on, so a failed Send gives no message
On Error Resume Next
' One e-mail is sent for every matching event
For Each objItem in colLoggedEvents
    Set objEmail = CreateObject("CDO.Message")
    objEmail.From = "Security_Failure"
    objEmail.To = "t...@test.com"
    objEmail.Subject = "Security Failure For (" & "Libgonas02" & ")"
    objEmail.Textbody = objItem.Message
    ' sendusing = 2 sends over the network to the SMTP server named below
    objEmail.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    objEmail.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "10.32.81.80"
    objEmail.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
    objEmail.Configuration.Fields.Update
    objEmail.Send
Next

=============================================================

Log Parser is a tool that will save the event logs in text or graphical format. You need to install it on the machine. For more info on it:
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
http://www.logparser.com/
 
jtgraphic (Author) Commented:
What does the first line Ex: strComputer = "." do? It is generating an error on execution.
 
star_trek Commented:
That is the computer name from which you are trying to get the logs.
 
jtgraphic (Author) Commented:
I can not get the script to email, what am I missing from the equation?
strComputer = "10.150.199.174"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")


Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where" _
    & " Logfile = 'Security' and Type = 'audit success'",,48)


On Error Resume Next
For Each objItem in colLoggedEvents
 Set objEmail = CreateObject("CDO.Message")
 objEmail.From = "Security_Failure"
 objEmail.To = "brucec@msivt.com"
 objEmail.Subject = "Security Failure For (" & "Libgonas02" & ")"
 objEmail.Textbody = objItem.Message
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserver") =  "mail.msivt.com"
 objEmail.Configuration.Fields.Item _
     ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
 objEmail.Configuration.Fields.Update
 objEmail.Send
 Next
 
star_trek Commented:
I tested the script and it is working for me. Maybe you need to add this before the objEmail.From:

objEmail.Sender="brucec@msivt.com"
 
jtgraphic (Author) Commented:
That was the key. Thank you very much!
 
star_trek Commented:
Glad to help!!
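
An added example, not part of the thread or any poster's code: a variant of the script discussed above that sends one digest mail per run instead of one mail per event, limits the query to the last 24 hours, and keeps only Object Open records (event ID 560 on Windows Server 2003) that mention one audited file, which cuts the all-access noise raised earlier in the thread. The file path, SMTP host and addresses are placeholders, and matching the path inside the event text is an assumption about how the record is worded.

```vbscript
' Added example, not code from the thread. Lines marked ASSUMPTION are placeholders.
Option Explicit

Const WATCHED_FILE = "D:\Shares\Finance\budget.xls"  ' ASSUMPTION: the audited file
Const SMTP_SERVER  = "smtp.example.com"              ' ASSUMPTION: your SMTP relay
Const MAIL_FROM    = "audit@example.com"             ' ASSUMPTION
Const MAIL_TO      = "admin@example.com"             ' ASSUMPTION
Const CDO_CFG      = "http://schemas.microsoft.com/cdo/configuration/"

Dim objWMI, objCutoff, colEvents, objEvent, objEmail, strBody, intHits

Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Query only the last 24 hours so a daily scheduled run does not resend old events.
Set objCutoff = CreateObject("WbemScripting.SWbemDateTime")
objCutoff.SetVarDate DateAdd("h", -24, Now()), True

' Event ID 560 is the "Object Open" audit record on Windows Server 2003.
Set colEvents = objWMI.ExecQuery( _
    "Select * from Win32_NTLogEvent Where Logfile = 'Security'" _
    & " and EventCode = 560 and TimeWritten >= '" & objCutoff.Value & "'", , 48)

intHits = 0
strBody = ""
For Each objEvent In colEvents
    ' ASSUMPTION: the event text contains the object's full path.
    If InStr(1, objEvent.Message, WATCHED_FILE, vbTextCompare) > 0 Then
        intHits = intHits + 1
        strBody = strBody & objEvent.TimeWritten & "  " & objEvent.Type _
            & "  user=" & objEvent.User & vbCrLf _
            & objEvent.Message & vbCrLf & String(60, "-") & vbCrLf
    End If
Next

' No "On Error Resume Next": a failed Send stops the script with a visible error.
If intHits > 0 Then
    Set objEmail = CreateObject("CDO.Message")
    objEmail.Sender = MAIL_FROM
    objEmail.From = MAIL_FROM
    objEmail.To = MAIL_TO
    objEmail.Subject = intHits & " audited access event(s) for " & WATCHED_FILE
    objEmail.TextBody = strBody
    objEmail.Configuration.Fields.Item(CDO_CFG & "sendusing") = 2   ' send over the network
    objEmail.Configuration.Fields.Item(CDO_CFG & "smtpserver") = SMTP_SERVER
    objEmail.Configuration.Fields.Item(CDO_CFG & "smtpserverport") = 25
    objEmail.Configuration.Fields.Update
    objEmail.Send
End If
```

Run it with cscript.exe from a daily scheduled task, under an account that is allowed to read the Security log.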