show file server hits

I have a product that is supposed to be able to write files out to a network share.  The problem is that I have no way to track exactly when and if the system made an attempt to write a file to the network share.  The system supplied by the vender is set up on a cluster of servers and has several accounts on the domain that it uses internally.  We are trying to create reports/files using its built in Ad-Hoc query tool and supplying a network path as a location for the file. Problem is, I don't know which account the report tool will use to try to create the file and I don't know were if any would the attempt be logged if it tried and failed.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can turn on auditing for successes and failure on the file server.  
sidwelleAuthor Commented:
Can you tell me where to turn that feature on ?
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

sidwelleAuthor Commented:
That is a good tutorial.  Why so much redundancy in the audit ?

The file that I am editing is in a subfolder, one folder deep from where the root folder for auditing was set. But it's like the log shows an event for the folder, sub-folder, and object.

Looks like I see this pattern about 3 times:
1.) An handle to an object was requested.
2.) An attempt was made to access an object.
3.) The handle to an object was closed.

Here is the log entries for this edit in Ascending order:
1.) An account was successfully logged on.
2.) A network share object was accessed.
3.) A handle to an object was requested.
4.) An attempt was made to access an object.
5.) The object handle was closed.
6.) An object handle was requested.
7.) The object handle was closed.
8.) An object handle was requested.
9.) An attempt was made to access an object.
10.) The handle to an object was closed.
11.) An handle to an object was requested.
12.) An attempt was made to access an object.
13.) The handle to an object was closed.

You would have to ask Microsoft.  They are the ones that created this.

Without looking at the detail of the audit logs, each entry may be showing you different things.

The account successfully logged in, is of course saying that your user-id and password was O.K.

The network share object represents the share you are accessing.  Since you could access multiple shares on the same server, it needs to tell you exactly what share you are going after.  Each share could have its own security so it needs to show that.

Accessing the object I believe would be the actual file and, once again, since you could access multiple files under the same share it has to show each file you are trying to access.  

I'm not sure about the handle's, you might be able to look at the details but this could be related to actually opening and closing the file and if you are opening it in write or read only mode.  

The difference between "object" and "handle" may be what you are actually doing.  The "object" could be looking at the file's attributes where as the handle is the actual reading/writing of the file.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sidwelleAuthor Commented:
The audit is clumsy, but I can get what I need form it.

Thanks for the help.
I personally have not used it, but you may want to try:

I have been told that it is a fairly decent tool.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.