troubleshooting Question

Event Viewer, File access logging and tools to review

Avatar of LBTechSol
LBTechSol asked on
Windows Server 2008* auditing
3 Comments1 Solution572 ViewsLast Modified:
I have enabled the Audit logging of events on a central file server, these are set to archive every 100Mb to a network share for off server storage. As you can imagine there are lots of events to review BUT the default tool is proving very difficult to use and gather the correct information im looking for. So.....

I need to track file access over the next 3 months for 2 users they have been added to the Auditing settings and i can see things are reporting back to the security logs.

1) Events to be looking out for (file open, access, delete, copy etc..) what are the best event ID's to be looking for here
2) Event Viewer, are there any good free event viewing tools out there?>

Any advice would be much appreciated.

Thanks,
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros