Hi,
I have a RealSecure
Server Sensor 6.5 on a Windows 2000 Server machine with NTFS partitions. My task
is to create a User Defined Event (OS Events/User Defined Events/Event Log
Rules), with which I will be able to monitor the audit events generated when a
folder permission is changed.
I set up the
auditing of the windows box to receive the security event log messages for it,
but the RS does not reacts on it, however the event log messages are
there.
If I use the same
rule to monitor event messages for files (not folders), the RS rule starts
working.
Do you have any
idea, why I can't monitor the audit events for NTFS folders, though it
works for files?
Thanks in
advance,
Attila Korcsmar
�