philipfarnes
asked on
logging on domain
Hi,
We are currently being audited, and one thing that has come up is that we do not keep logs of changes to Active Directory, folder share access, basically anything to do with the network.
Can you please tell me the best way to log all of this, and hold onto the data for at least a year? Ideally I would like it in one central database that I can look at.
thanks
phil
You can enable auditing - to keep the records for more than a few weeks you will need to set up a process to archive the event logs on a regular basis - there is a nice intro at http://www.techrepublic.com/article/solutionbase-creating-a-windows-server-2003-audit-policy/6028421
Use Netwrix Change Auditor
Hi,
The best way we use..!
Enable the Active Directory audit logs in AD
http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx
And also use a 3rd party software from Quest, Change Auditor
http://www.quest.com/changeauditor-for-active-directory/
Regards,
Prem
You can also use Splunk for auditing your Active Directory environment. I would also set up event forwarding in Windows, depending on the size of your environment. If you have less than 10 servers it would be a good idea.
With event forwarding you can forward your event log data to one box and have a centralized location for your logging.
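
The steps the answers describe (enable auditing, archive the event log on a regular basis, keep a year of data), as an added PowerShell example that is not code from any poster in this thread. It assumes Windows Server 2008 R2 or later with English audit subcategory names; `D:\LogArchive`, the file names and the 365-day value are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. $ArchiveRoot and $RetentionDays are assumed values, not from the thread.
param(
    [string]$ArchiveRoot   = 'D:\LogArchive',   # hypothetical archive location
    [int]   $RetentionDays = 365                # "at least a year" from the question
)

# 1. Enable the audit subcategories that cover AD changes and share/folder access.
#    Note: a domain GPO that defines audit policy will overwrite these local
#    settings at the next refresh, so set the same values in the GPO as well.
$subcategories = 'Directory Service Changes', 'User Account Management',
                 'Security Group Management', 'File Share', 'File System'
foreach ($sub in $subcategories) {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for subcategory '$sub'" }
}

# 2. Export the Security log to a dated .evtx file, one folder per host.
#    The timestamp keeps names unique; wevtutil refuses to overwrite a file.
$hostDir = Join-Path $ArchiveRoot $env:COMPUTERNAME
New-Item -ItemType Directory -Path $hostDir -Force | Out-Null
$target = Join-Path $hostDir ('Security-{0:yyyyMMdd-HHmmss}.evtx' -f (Get-Date))
wevtutil epl Security $target
if ($LASTEXITCODE -ne 0) { throw "wevtutil export to '$target' failed" }

# 3. Record a SHA-256 hash of the archive so later modification can be detected.
Get-FileHash -Path $target -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $hostDir 'archive-hashes.csv') -Append -NoTypeInformation

# 4. Remove only archives that are older than the retention period.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ChildItem -Path $hostDir -Filter 'Security-*.evtx' |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item -Force
```

Run it from a daily scheduled task on each domain controller and file server, with the archive folder writable only by administrators. File System and Directory Service Changes events are written only for objects that carry an auditing entry (SACL).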