Solved

Log end user activity

Posted on 2013-01-18
Last Modified: 2013-12-06
Hi,

I need to find an end user monitoring solution for a client. They would like to log specific events:
- Every network share and file accessed by the user
- Every document name printed by the user
- Every file copied from network shares to local machine
- Every file copied onto external media (USB, CD, DVD etc)

The system does not need to be able to block the end user from performing any of these actions, simply to log the details of it for audit purposes.

Any suggestions or thoughts appreciated.
Thanks
0
Question by:Roger Adams
3 Comments
 
LVL 6

Expert Comment

by:mo_patel
ID: 38792343
Firstly, you need to enable auditing on the files/folders where the sensitive info is kept; then yes, you can get the info.

One thing to bear in mind is that if you do want to track everything, you will have far too much info there; it will take you ages to sift through it all, not to mention fill up the disk space. It will also be very expensive.

I recommend you explain this to clients and only enable auditing on key files/folders.

A best practice for this kind of situation is, once auditing is enabled, to then use a SIEM utility to monitor the events and, if a match is found, to log the events into threads...

So basically you would have threads for:

i.e.
- logon events
- object access
- folder access etc
- log off events

To get event IDs, use this link:

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

One thing to NOTE is that there is no COPY event; it's not that simple, so once you have enabled auditing and SIEM capture, you will have to test all this by accessing files, copying files, etc.

One such solution is NNT LogTracker... there are loads more on the market; they are not free and not cheap...
0
 
LVL 6

Expert Comment

by:mo_patel
ID: 38792358
OR if you do have loads of free time and are good with SQL, you can use LogParser and write your own SIEM tool to download the logs into a SQL DB and then write your own queries to extract the info. It will never be as good as a paid version,

but at least it's an alternative...
0
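
The two comments above note that there is no COPY event and suggest loading the logs into a SQL database and querying them yourself. As an added example (not part of the thread), the code below loads constructed rows shaped like Windows Security event 4663 ("An attempt was made to access an object") into SQLite and flags users who read many distinct files in a short window, one way to approximate a bulk copy from a share. The table layout, sample data, function names and thresholds are assumptions.

```python
import sqlite3

READ_DATA = 0x1  # ReadData/ListDirectory bit in the event 4663 AccessMask

# Constructed sample rows (not real logs): epoch seconds, user, object path,
# access mask, as they might look after exporting 4663 events to a table.
SAMPLE_EVENTS = [
    (1000, "alice", r"D:\Shares\Finance\q1.xlsx", 0x1),
    (1002, "alice", r"D:\Shares\Finance\q2.xlsx", 0x1),
    (1003, "alice", r"D:\Shares\Finance\q3.xlsx", 0x1),
    (1004, "alice", r"D:\Shares\Finance\q4.xlsx", 0x1),
    (1005, "alice", r"D:\Shares\Finance\q4.xlsx", 0x1),  # repeat read, same file
    (1000, "bob", r"D:\Shares\Finance\q1.xlsx", 0x1),    # slow, normal use
    (1900, "bob", r"D:\Shares\Finance\q2.xlsx", 0x1),
    (2800, "bob", r"D:\Shares\Finance\q3.xlsx", 0x1),
    (1001, "carol", r"D:\Shares\HR\a.docx", 0x2),        # writes, not reads
    (1002, "carol", r"D:\Shares\HR\b.docx", 0x2),
    (1003, "carol", r"D:\Shares\HR\c.docx", 0x2),
    (1004, "carol", r"D:\Shares\HR\d.docx", 0x2),
]


def load(events):
    """Load exported audit rows into an in-memory table (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access (ts INTEGER, user TEXT, path TEXT, mask INTEGER)")
    db.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", events)
    return db


def bulk_reads(db, window=60, min_files=4):
    """Return (user, window_start, distinct_files) for read bursts.

    Events are grouped into fixed windows of `window` seconds. A burst that
    straddles a window boundary is split in two, so tune min_files with that
    in mind. Repeat reads of one file count once.
    """
    sql = """
        SELECT user, (ts / :w) * :w AS bucket, COUNT(DISTINCT path) AS files
        FROM access
        WHERE (mask & :read) != 0
        GROUP BY user, bucket
        HAVING COUNT(DISTINCT path) >= :n
        ORDER BY user, bucket
    """
    params = {"w": window, "read": READ_DATA, "n": min_files}
    return db.execute(sql, params).fetchall()
```

A hit only says that many files were read quickly, which is why the testing step described above (copy files yourself and see what is logged) is still needed to pick thresholds.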
 
LVL 4

Accepted Solution

by:
JustMy2Cents earned 500 total points
ID: 38796204
You should take a look at a 3rd-party software solution called FileAudit, which allows tracking, auditing, reporting and alerting on all access to shares, files and folders on Windows servers.

Info and trial version:
http://www.isdecisions.com/products/fileaudit

P.S. I also noticed there is a new version coming (still in beta for now):
http://community.isdecisions.com/knowledgebase/articles/142333-fileaudit-4-beta-testing-program-how-to
0

Question has a verified solution.