Hi, list. I'm interested in how can I maintain audit of Windows file server share files access. I feel that it can be done with Server Sensor installed which task is to control Windows event log, but it's not exactly what i want, because Windows generates about 3 events (sometimes more) for one access type and in this case i'll get a huge amount of events and most of them will be unneeded. If to analyze eventlog is the only way, I feel that it's better to post eventlog to syslog server with Server Sensor on it and to make a number of user-defined text file events... But, does anyone know how to force Server sensor to control every access to file system without using windows Eventlog? And to make a reports with user name, file name, access type (i.e. R,W,X,D,C).
Thank you. Any solution, suggestion is welcome. --- Best regards, Sergey V. Soldatov. Information security department. tel/fax +7 095 745 89 50 (1613) _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
