salmaalouf
asked on
Audit Share Folder
I have many share folders on Server 2003. Is there a way to be able to audit the shares?
For example, I want to know who accessed the folder, which file, and what action was done, such as modify, create, delete.
Can you send me the information in as much detail as possible?
Thanks
Note that this type of auditing adds many entries to the security log. You might want to consider using the event forwarding that is part of Windows, so that all the events are collected on a single system where they can be analyzed, or use something like Splunk for log analysis.
Presumably you will not be sitting watching the access in real time but need a record in the event you have to review something.
ASKER
How do I configure event forwarding on Windows 2003?
Can you send me the details?
http://msdn.microsoft.com/en-us/library/bb427443%28v=vs.85%29.aspx
http://blogs.technet.com/b/wincat/archive/2009/06/23/forwarding-security-events-from-windows-xp-server-2003-and-vista-server-2008.aspx
The aggregator/collector server must be 2003 R2 or newer.
ASKER
Is there a site where I can find a ready script for event forwarding, or other software that can do the same job?
The links to MS point out how you would go about setting up the forwarding/subscribing.
You can also use the snmptrapd daemon and set up SNMP on each server. Then, using evntwin, you would configure the security events to snmptrap mapping.
Try and see whether Splunk is what you want.
http://msdn.microsoft.com/en-us/library/aa394593%28v=vs.85%29.aspx
Are you familiar with VBScript/databases?
You could use the above, retrieving the logs while inserting them into a database (MS SQL).
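Added example, not part of the thread or any poster's script: once the Security-log records have been collected in one place, as the answer above suggests, a short Python script can reduce them to who opened which file and with what access. The sample records, the trimmed event 560 ("Object Open") field layout and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: description text of Security-log event 560 ("Object Open"),
# field layout modelled on Server 2003 and trimmed; all values are invented.
SAMPLE_EVENTS = [
    r"""Object Type: File
    Object Name: D:\Shares\Finance\budget.xls
    Client User Name: jsmith
    Client Domain: CORP
    Accesses: READ_CONTROL
        ReadData (or ListDirectory)
        WriteData (or AddFile)""",
    r"""Object Type: File
    Object Name: D:\Shares\Finance\budget.xls
    Client User Name: jsmith
    Client Domain: CORP
    Accesses: DELETE""",
    r"""Object Type: Key
    Object Name: \REGISTRY\MACHINE\SOFTWARE\Example
    Client User Name: adoe
    Client Domain: CORP
    Accesses: READ_CONTROL""",
]
# Access rights requested when the handle was opened, mapped to the asker's terms.
ACTIONS = {"ReadData (or ListDirectory)": "read",
           "WriteData (or AddFile)": "modify/create",
           "AppendData (or AddSubdirectory or CreatePipeInstance)": "modify/create",
           "DELETE": "delete"}

def parse_event(text):
    """Return (user, path, actions) for a file event, or None for other objects."""
    fields, key = defaultdict(list), None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+):\s*(.*)$", line)
        if m:  # "Name: value" starts a field; other lines continue the last one
            key, line = m.group(1).strip(), m.group(2)
        if key and line.strip():
            fields[key].append(line.strip())
    if fields["Object Type"] != ["File"]:
        return None
    user = fields["Client Domain"][0] + "\\" + fields["Client User Name"][0]
    return user, fields["Object Name"][0], {ACTIONS[a] for a in fields["Accesses"] if a in ACTIONS}

def summarise(events):
    """Collapse many events into {(user, path): set of actions}."""
    report = defaultdict(set)
    for user, path, actions in filter(None, map(parse_event, events)):
        report[(user, path)] |= actions
    return dict(report)
```

The access list in an open event records what was requested on the handle, so a "delete" entry here means delete access was asked for, not that the file is confirmed gone.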
ASKER
Good reference, but there is no direct way to see all the events on one Server 2003.
I hope Windows 2008 solves this issue in a more practical way.
Sorry, I forgot also to add the link to the article "Operation-based auditing on files or folders": http://technet.microsoft.com/en-us/library/cc738931(WS.10).aspx
Kind regards,
Soren