Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Changing Audit log locations

Posted on 2006-11-17
2
Medium Priority
?
205 Views
Last Modified: 2013-12-04
We have a situation where there are files that are sensitive enough we need them audited but only a select subset of users should be able to see those logs.  I need to seperate the auditing logs of those files from the auditing logs of the rest of the files on the system.  I have found the code to create more event logs but how can I direct certain security logs to that newly created event log instead of the standard Security event log.

Thank you
Adam
0
Comment
Question by:SAIonline
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 24

Accepted Solution

by:
SunBow earned 1500 total points
ID: 17969719
I dunno. Which ones?
You can try to search registry for filename, and change each one.
You 'should' have option available through menu system to get it right, I doubt that is well available
For some, such as Security log for the Event viewer, a right click gets allowance to display properties
From there, see C:\WINDOWS\System32\config\SecEvent.Evt as name of file (default)
Mine is changeable but greyed out. Yours?
You might have to reboot to local, off-net, then login as administrator, often meaning physically present at KB

I advise to NOT try. Reasoning is that there are far too many updates required, where too many things can go wrong such as, those who write update code neglect that there are possibilities other than defaults, and they may either set all back ( a tug of war) or end up with some messages going nowhere (if not crashing systems)

>  only a select subset of users should be able to see those logs

Sometimes it helps to have users read them to help desk. Too rarely, no one ever checks the logs for resolving problems. Users can also be a form of check and balance, where too many installers can cause a problem yet deny that they ever touched the machines (remotely). My preference would be dealing with users, try denying them access to directory store using Windows Explorer (or similar tool).

Check Local Security Settings \ Local Policies \ User Rights Assignments
for items like
Managing auditing and security log
0
 
LVL 2

Author Comment

by:SAIonline
ID: 17979098
SunBow
I am able to change where the default security entries are logged, but that doesn't get me to where I need to be.  On our file server there is a directory that only certain director and VP level users should be able to see.  We want to audit that directory but I am told that even our security team should not know what is in that directory.  That presents a problem because the security log will log the name of the file when someone attempts to gain (succefully or not) access to that file. The rest of the files should be (and are) audited normally by our security team.  I wanted to generate the logs for that directory and child objects to a different log file accessible by only those they deem fit.  Does that make more sense now?  I told them because of the nature of the directory that maybe it should be moved to a different server, but they wanted to try and leave it where it is for ease of use (VP's) if we can.  Any other ideas, even thrid party apps are on the table.  I need something that will only write events for a single directory to a seperate log of some kind, without disturbing the auditing already in place.  (Yes I know it may be futile)

Thank you
Adam
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question