Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Logging / Auditing when files are deleted

Posted on 2007-11-21
3
Medium Priority
?
443 Views
Last Modified: 2013-12-05
I have enabled auditing on a directory to log the following:

Name:  Everyone
Delete Subfolders and files (Success and Failure)
Delete (Success and Failure)

I am trying to log everytime a file is deleted in the directory.  i want to capture the file name and who did it.  When I leave it set to "everyone", I don't get any entries.  If I add a specific username, I only log 564 events.  That would be fine, except that 564 events don't tell you what was deleted, it only tells you that the user did delete something:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      564
Date:            11/21/2007
Time:            2:19:07 PM
User:            domainname\ftpfailover
Computer:      servername
Description:
Object Deleted:
       Object Server:      Security
       Handle ID:      2340
       Process ID:      616
       Image File Name:      C:\WINDOWS\explorer.exe

Can someone explain how I go about setting up logging to track when a file is deleted and who deleted?
0
Comment
Question by:InvoiceInsight
3 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 2000 total points
ID: 20330390
Hi InvoiceInsight,

You should look for prior EventID: 560 with the same handle ID. You need to check both events: 560 and 564 to get complete information, unfortunately.

HTH

Toni
0
 
LVL 15

Expert Comment

by:JimboEfx
ID: 20361252
If you want a commercial solution:

http://www.scriptlogic.com/products/filesystemauditor/

Good reporting, saves your time. Not that expensive.
0
 

Author Closing Comment

by:InvoiceInsight
ID: 31410440
That sucks that you have to correlate two event ID's but at least I know how to track it now.  Thanks!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Integration Management Part 2

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question