True, it may not be too difficult to capture all the information, but it could be very resource-intensive to actually make use of it. The secret is to capture only what you need, not "everything that happens", so it's easier to discern what's really going on.
For a small office environment there are several useful and low-cost systems that could be implemented to help in this regard. OpenDNS is one, and the tools from Adventnet can also assist in making sense of it all.

Roger Wright
Network Administrator
Evatone, Inc.
727.572.7076 x388

_____

From: Durf [mailto:[email protected]]
Sent: Wednesday, January 07, 2009 10:49 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

Christ you all. It doesn't have to be this hard.

If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard.

For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events.

That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate.

Whether they *should* do it or not is a whole different question, and not what the OP asked.

-- Durf

On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright <[email protected]> wrote:

And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it.

Take a look at Adventnet's Eventlog Analyzer...
http://manageengine.adventnet.com/products/eventlog/index.html

Roger Wright
Network Administrator
Evatone, Inc.
727.572.7076 x388

_____

From: Alex Carroll [mailto:[email protected]]
Sent: Wednesday, January 07, 2009 10:25 AM
To: NT System Admin Issues
Subject: Auditing Everything

I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc.

Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that.

We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista.

Thanks in advance!

Alex Carroll
Software Support
Crabtree Companies, Inc.
651-688-2727

--
--------------
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!
