I have been asked to research the best solution for auditing our Windows servers. We need to be able to find out who deleted, moved or copied files to and from the servers. We run a Windows 2008 R2 fully functional level domain and our file servers are 2003, 2003 R2 and 2008 R2.
I know this can be set up to report to the Event Viewer, but is this the only way, and what is the best tool to actually find this information?
I assume I will be asked questions like the following:
What files has user xxxx accessed?
List all the files that have been deleted
File xxx.doc has been deleted, who did it and when.
What are people using to do this? Is Splunk a good option here as we would get the option to monitor other types of logs and not just Microsoft ones.
Any information would be most welcome.