Auditing tools

I am looking for an auditing tool for server 2008r2 that will show the results of files and folders being access also account lockouts.  Recommendations please.
DMiller101Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony GiangrecoCommented:
There are auditing options you can turn on in your default domain's GPO that will log these events.  In Administrator's tools, you can edit the GPO's computer security.

http://msdn.microsoft.com/en-us/library/ms813959.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MaheshArchitectCommented:
For account lockouts you have to look events on domain controllers security event log

On member servers you can't find account lockout entries in events

Also to audit file \ folders on 2008 r2 servers, add those servers in separate OU and add new GPO there, in GPO set auditing for "Audit Object Access for failure and success

Also on all shared folders on server enable auditing for all users \ specific users depending upon your requirement
Auditing option can be find on folder properties\security\advanced\auditing tab

Mahesh.
0
DMiller101Author Commented:
All of those step's have been taken ... What I am looking for is a tool to collect and filter the data.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

MaheshArchitectCommented:
You can use AD audit plus tool from Manage engine
OR
SCOM event log data collector, but it will then require to install SCOM
0
Pramod UbheCommented:
this one is a costly solution but splunk can index all the eventlogs from the servers those are set to forward the logs to a central server and then you can have a consolidated output/graphs/details on gui in the way you want based on the custom search queries.

http://www.splunk.com/view/log-management/SP-CAAAC6F
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.