RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

[Shaun Mickey]

Yeah, the auditing needs some supervision, you can use a script to read the file every 6 hours or so.    Basically move the current file, create a new one, and rename the old in a date-time.txt format. Then parse it for what you’re looking for and spit out some basic custom XHTML page (or xml).  That wouldn’t be too bad of a _vbscript_ especially with regular _expression_ searches.   Or you could use some other kind of log processor/web stats package (sawmill log analyzer supports a lot of formats) instead of creating a custom solution.     I think you can limit some of the entries in auditing by picking certain usernames to watch, haven’t really used it a whole lot, but it’s damn useful.  Web stats will only show you connections to the file by IIS, whereas auditing will show you every access from a particular username.  I would google it some, just to see what kinda options are out there for using it, might be some filters you could include or something of the like.   Thanks, Shaun ----------------------------------------------------------- Shaun Mickey  270net Technologies Phone: 301.663.6000 x28 Fax: 301.663.4410 www.270net.com "Internet/Technology Solutions for Business and Government" ----------------------------------------------------------- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Wednesday, May 31, 2006 4:09 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   It is a dev/staging server running in a virtual server environment so I have to be a bit careful what I turn on or don’t.   I tried the auditing a file. Wow talk about generating Security Event Log records. I turned auditing on for two files bginfo.exe and its corresponding config.bgi file. Then I ran it to generate the background on file server. That simple little thing created 15 log entries.   If we turn this on we are going to need something to parse the security log file as I can see that it is going to produce a HUGE amount traffic in there.   Goran Jovanovic Omega Network Solutions     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Mickey Sent: Wednesday, May 31, 2006 3:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   You could also enable auditing in Windows to examine file level access, just r-click on any file/folder and select properties, click on the security tab then click advanced then click on the auditing tab.   WARNING: auditing a lot of high-use files could strain the server   That being said, your on a dev server so it should be alright, though I would keep the number of files you’re auditing to a minimum or as small a group as possible   Thanks, Shaun ----------------------------------------------------------- Shaun Mickey  270net Technologies Phone: 301.663.6000 x28 Fax: 301.663.4410 www.270net.com "Internet/Technology Solutions for Business and Government" ----------------------------------------------------------- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, May 31, 2006 3:16 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   Source code activity would be best analyzed with Visual SourceSafe or another code control system.  For watching use of the sites for testing, etc. just enable logging for the virtual webs and run reports on the web traffic. Darin.     ----- Original Message ----- From: Goran Jovanovic To: Declude.JunkMail@declude.com Sent: Wednesday, May 31, 2006 2:35 PM Subject: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server   Hi All,   This is definitely an off topic question.   I have a client that wants to monitor what their outsourced developers are doing. The development is taking place in IIS, .Net Application Server and SQL 2000. They want to know generally speaking what they are doing. Are the development servers being used/tested? Would not have to report on what exactly is being changed etc but some sort of activity report.   Does anyone know of anything that can report on this type of activity.   Thanks   Goran Jovanovic Omega Network Solutions