
Log end user activity

Posted on 2013-01-18
Last Modified: 2013-12-06
Hi,

I need to find an end user monitoring solution for a client. They would like to log specific events:
- Every network share and file accessed by the user
- Every document name printed by the user
- Every file copied from network shares to local machine
- Every file copied onto external media (USB, CD, DVD etc)

The system does not need to be able to block the end user from performing any of these actions, simply to log the details of it for audit purposes.

Any suggestions or thoughts appreciated.
Thanks
Question by:Roger Adams
3 Comments
 
LVL 6

Expert Comment

by:mo_patel
ID: 38792343
Firstly, you need to enable auditing on the files/folders where the sensitive info is kept; then yes, you can get the info.

One thing to bear in mind is that if you do want to track everything, you will have too much info there; it will take you ages to sift through it all, not to mention fill up the disk space. It will also be very expensive.

I recommend you explain this to clients and only enable auditing on key files/folders.

A best practice for this kind of situation is, once auditing is enabled, to then use a SIEM utility to monitor the events and, if a match is found, to log the events into threads...

So basically you would have threads for:

i.e.
- logon events
- object access
- folder access etc
- log off events

To get event IDs, use this link:

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

One thing to NOTE is that there is no COPY event; it's not that simple, so once you have enabled auditing and SIEM capture, you will have to test all this by accessing files, copying files, etc.

One such solution is NNT LogTracker... there are loads more on the market; they are not free and not cheap.
0
 
LVL 6

Expert Comment

by:mo_patel
ID: 38792358
Or, if you do have loads of free time and are good with SQL, you can use LogParser and write your own SIEM tool to download the logs into a SQL DB and then write your own queries to extract the info. It will never be as good as a paid version,

but at least it's an alternative...
0
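
A small illustration of the approach in the two comments above, added here as an example and not code from the posters or from any product named in the thread: it sorts collected Security log events into per-type threads and, because there is no copy event, pairs a read with a later write of the same file name by the same user. The event ID mapping (4624, 4634, 5140, 4663), the record layout, the 5-second window and the sample rows are assumptions constructed for illustration; the pairing is a heuristic and needs the testing the comment describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of Windows Security log event IDs to the "threads" in the comment.
THREADS = {4624: "logon", 4634: "logoff", 5140: "share access", 4663: "object access"}

# Constructed sample rows (time, event ID, user, object path, access), not real log data.
SAMPLE = [
    ("2013-01-18 09:00:02", 4624, "jdoe", "", ""),
    ("2013-01-18 09:05:10", 5140, "jdoe", r"\\*\Finance", "ReadData"),
    ("2013-01-18 09:05:11", 4663, "jdoe", r"D:\Shares\Finance\budget.xlsx", "ReadData"),
    ("2013-01-18 09:05:12", 4663, "jdoe", r"E:\budget.xlsx", "WriteData"),
    ("2013-01-18 09:30:00", 4663, "asmith", r"D:\Shares\Finance\plan.docx", "ReadData"),
    ("2013-01-18 17:00:00", 4634, "jdoe", "", ""),
]

def parse(rows):
    """Turn exported rows into dicts with a real timestamp."""
    keys = ("time", "id", "user", "path", "access")
    events = [dict(zip(keys, r)) for r in rows]
    for e in events:
        e["time"] = datetime.strptime(e["time"], "%Y-%m-%d %H:%M:%S")
    return events

def build_threads(events):
    """Group events by type; unmapped event IDs land in 'other'."""
    threads = defaultdict(list)
    for e in events:
        threads[THREADS.get(e["id"], "other")].append(e)
    return threads

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def probable_copies(events, window=timedelta(seconds=5)):
    """Heuristic: a user reads a file, then writes the same file name elsewhere within window."""
    reads, hits = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] != 4663:
            continue
        if "ReadData" in e["access"]:
            reads.append(e)
        elif "WriteData" in e["access"]:
            for r in reads:
                if (r["user"] == e["user"] and r["path"].lower() != e["path"].lower()
                        and basename(r["path"]) == basename(e["path"])
                        and e["time"] - r["time"] <= window):
                    hits.append((e["user"], r["path"], e["path"]))
                    break
    return hits
```

The write event is only present if auditing is also enabled on the destination location, so the rows are assumed to be collected centrally from both the file server and the workstation.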
 
LVL 4

Accepted Solution

by:
JustMy2Cents earned 1500 total points
ID: 38796204
You should take a look at a third-party software solution called FileAudit, which allows tracking, auditing, reporting and alerting on all access to shares, files and folders on Windows servers.

Info and trial version:
http://www.isdecisions.com/products/fileaudit

P.S. I also noticed there is a new version coming (still in beta for now):
http://community.isdecisions.com/knowledgebase/articles/142333-fileaudit-4-beta-testing-program-how-to
0


Question has a verified solution.
