Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

logging on domain

Posted on 2011-03-16
5
Medium Priority
?
282 Views
Last Modified: 2012-05-11
Hi,

We are currently being audited, and one thing that has come up is that we do not keep logs of changes to active directory, folder share access basically anything to do with the network.

Can you please tell me the best way to log all of this, and hold onto the data for at least a year.  Ideally i would like it in one central database that i can look at.

thanks

phil
0
Comment
Question by:philipfarnes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 35146074
You can enable auditing - to keep the records for more than a few weeks you will need to set up a process to archive the event logs on a regular basis - there is a nice intro at http://www.techrepublic.com/article/solutionbase-creating-a-windows-server-2003-audit-policy/6028421
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35146206
user netwrix change auditor
0
 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 35146889
You can have centralize storage or disc to store the logs into it.

http://technet.microsoft.com/en-us/library/cc731607%28WS.10%29.aspx

You can also consider manageenginer tool, its really good.
http://www.manageengine.com/products/active-directory-audit/

0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35149038
Hi,

The best way we use..!

enable the Active directory audit logs in AD
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx

And also use a 3rd party software fro quest change auditor
http://www.quest.com/changeauditor-for-active-directory/

Regards,
Prem
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35173829

You can also use SPLUNK for auditing your Active Directory Environment.  i would also setup event forwarding depending on the size of your environment in windows.  If you have less than 10 servers it would be a good idea.  

With event forwarding  you can forward your event log data to one box and have a centralized location for yout logging.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question