Changing Audit log locations

Posted on 2006-11-17
Last Modified: 2013-12-04
We have a situation where there are files that are sensitive enough we need them audited but only a select subset of users should be able to see those logs.  I need to separate the auditing logs of those files from the auditing logs of the rest of the files on the system.  I have found the code to create more event logs, but how can I direct certain security logs to that newly created event log instead of the standard Security event log?

Thank you
Adam
Question by:SAIonline

Accepted Solution

by: SunBow
ID: 17969719
I dunno. Which ones?
You can try to search registry for filename, and change each one.
You 'should' have option available through menu system to get it right, I doubt that is well available
For some, such as Security log for the Event viewer, a right click gets allowance to display properties
From there, see C:\WINDOWS\System32\config\SecEvent.Evt as name of file (default)
Mine is changeable but greyed out. Yours?
You might have to reboot to local, off-net, then login as administrator, often meaning physically present at KB

I advise to NOT try. Reasoning is that there are far too many updates required, where too many things can go wrong such as, those who write update code neglect that there are possibilities other than defaults, and they may either set all back (a tug of war) or end up with some messages going nowhere (if not crashing systems).

>  only a select subset of users should be able to see those logs

Sometimes it helps to have users read them to help desk. Too rarely, no one ever checks the logs for resolving problems. Users can also be a form of check and balance, where too many installers can cause a problem yet deny that they ever touched the machines (remotely). My preference would be dealing with users, try denying them access to directory store using Windows Explorer (or similar tool).

Check Local Security Settings \ Local Policies \ User Rights Assignments
for items like
Managing auditing and security log

Author Comment

by:SAIonline
ID: 17979098
SunBow,
I am able to change where the default security entries are logged, but that doesn't get me to where I need to be.  On our file server there is a directory that only certain director and VP level users should be able to see.  We want to audit that directory but I am told that even our security team should not know what is in that directory.  That presents a problem because the security log will log the name of the file when someone attempts to gain (successfully or not) access to that file. The rest of the files should be (and are) audited normally by our security team.  I wanted to generate the logs for that directory and child objects to a different log file accessible by only those they deem fit.  Does that make more sense now?  I told them because of the nature of the directory that maybe it should be moved to a different server, but they wanted to try and leave it where it is for ease of use (VP's) if we can.  Any other ideas, even third-party apps, are on the table.  I need something that will only write events for a single directory to a separate log of some kind, without disturbing the auditing already in place.  (Yes I know it may be futile)

Thank you
Adam