Link to home
Start Free TrialLog in
Avatar of philipfarnes
philipfarnes

asked on

logging on domain

Hi,

We are currently being audited, and one thing that has come up is that we do not keep logs of changes to active directory, folder share access basically anything to do with the network.

Can you please tell me the best way to log all of this, and hold onto the data for at least a year.  Ideally i would like it in one central database that i can look at.

thanks

phil
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
You can enable auditing - to keep the records for more than a few weeks you will need to set up a process to archive the event logs on a regular basis - there is a nice intro at http://www.techrepublic.com/article/solutionbase-creating-a-windows-server-2003-audit-policy/6028421
Avatar of Muzafar Momin
Muzafar Momin
Flag of India image
user netwrix change auditor
ASKER CERTIFIED SOLUTION
Avatar of Awinish
Awinish
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Premkumar Yogeswaran
Premkumar Yogeswaran
Flag of India image
Hi,

The best way we use..!

enable the Active directory audit logs in AD
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx

And also use a 3rd party software fro quest change auditor
http://www.quest.com/changeauditor-for-active-directory/

Regards,
Prem
Avatar of ActiveDirectoryman
ActiveDirectoryman

You can also use SPLUNK for auditing your Active Directory Environment.  i would also setup event forwarding depending on the size of your environment in windows.  If you have less than 10 servers it would be a good idea.  

With event forwarding  you can forward your event log data to one box and have a centralized location for yout logging.