RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

[Robert E. Spivack]

Let’s start at the high-level:   What question are you trying to answer?   e.g:     “Are the developers spending enough time doing the work they should be doing”?   “Are the developers doing things they should not be doing”?   “Are the developers competent and performing their job properly”?   “Are the developers hours spent working matching their timesheets/project sheets?   Etc.     There are different solutions depending upon your objectives.     Note: Personally, for outsourcing I pay based on a project or deliverable so tracking time/usage is of no interest to me.  I pay for a certain result and don’t care if it takes an hour or a week to do it.  Also, I audit the quality of the finished product/code/service, I don’t care about the tools/methods used to reach that goal.   In your case:   Since you have a virtual server environment, you can also audit at the host level.  E.g. you can run SNMP tools and measure traffic (bps and total bytes in/out) on the virtual network ports of the virtual machine to see the activity level. You can see the protocol (http, http, netbios, smb, etc.) to see what type of activity is flowing through the machine.  If you run the tool in a virtual machine on the same physical host, it can use packet capture to fully analyze the traffic and not just SNMP/WMI.   You might consider re-writing your outsourcing contract.  You really shouldn’t have to police the project/micromanage it.  Afterall, management of outsourcing is the hidden cost that can eat you alive and remove any cost benefits so why allow yourself to fall into that black hole?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Wednesday, May 31, 2006 1:09 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   It is a dev/staging server running in a virtual server environment so I have to be a bit careful what I turn on or don’t.   I tried the auditing a file. Wow talk about generating Security Event Log records. I turned auditing on for two files bginfo.exe and its corresponding config.bgi file. Then I ran it to generate the background on file server. That simple little thing created 15 log entries.   If we turn this on we are going to need something to parse the security log file as I can see that it is going to produce a HUGE amount traffic in there.   Goran Jovanovic Omega Network Solutions     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Mickey Sent: Wednesday, May 31, 2006 3:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   You could also enable auditing in Windows to examine file level access, just r-click on any file/folder and select properties, click on the security tab then click advanced then click on the auditing tab.   WARNING: auditing a lot of high-use files could strain the server   That being said, your on a dev server so it should be alright, though I would keep the number of files you’re auditing to a minimum or as small a group as possible   Thanks, Shaun ----------------------------------------------------------- Shaun Mickey  270net Technologies Phone: 301.663.6000 x28 Fax: 301.663.4410 www.270net.com "Internet/Technology Solutions for Business and Government" ----------------------------------------------------------- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, May 31, 2006 3:16 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   Source code activity would be best analyzed with Visual SourceSafe or another code control system.  For watching use of the sites for testing, etc. just enable logging for the virtual webs and run reports on the web traffic. Darin.     ----- Original Message ----- From: Goran Jovanovic To: Declude.JunkMail@declude.com Sent: Wednesday, May 31, 2006 2:35 PM Subject: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   Hi All,   This is definitely an off topic question.   I have a client that wants to monitor what their outsourced developers are doing. The development is taking place in IIS, .Net Application Server and SQL 2000. They want to know generally speaking what they are doing. Are the development servers being used/tested? Would not have to report on what exactly is being changed etc but some sort of activity report.   Does anyone know of anything that can report on this type of activity.   Thanks   Goran Jovanovic Omega Network Solutions