Not, that's not it, and he won't be done. Someone still has to review the logs, and understand what's happening.
The order is to "audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc" It's the "audit .. change files, delete files, use any programs" part that is going to be hell to fulfill. It ain't going to happen, without at least a couple of people going over the logs, and that's after they install the auditing software on all of the machines. As I said, even if all of the software is free, it's going to cost a *lot* of money, for the man-hours needed, if nothing else. That doesn't count the hardware resources necessary to collect/massage/analyze/report on all of that new data. The CEO is dreaming. Kurt On Wed, Jan 7, 2009 at 7:49 AM, Durf <[email protected]> wrote: > Christ you all. It doesn't have to be this hard. > If they have a Sonicwall, buy the Viewpoint module. If they don't have a > Sonicwall, then get them one. There are equivalent products for Cisco and > Watchguard. > For AD, just turn on appropriate auditing and use GFI EventSentry to gather > and report on events. > > That's it, you're done. Aside from literal keystroke logging on the > workstations, these two items will handle everything else on the network > that is appropriate. > Whether they *should* do it or not is a whole different question, and not > what the OP asked. > -- Durf > > On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright <[email protected]> wrote: >> >> And how many people does he plan to hire to review and report on all this >> data? You'll probably need to add storage and another server to accommodate >> it. >> >> >> >> Take a look at Adventnet's Eventlog Analyzer… >> >> http://manageengine.adventnet.com/products/eventlog/index.html >> >> >> >> >> >> >> >> >> >> >> >> Roger Wright >> >> Network Administrator >> >> Evatone, Inc. >> >> 727.572.7076 x388 >> >> _____ >> >> >> >> From: Alex Carroll [mailto:[email protected]] >> Sent: Wednesday, January 07, 2009 10:25 AM >> To: NT System Admin Issues >> Subject: Auditing Everything >> >> >> >> I have a request from my CEO to audit everything that happens on our >> network. When users open files, when they change files, delete files, use >> any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any >> of you have a good solution you can recommend for that? I can google all I >> want, but I won't know the real world experience by doing that. We are a >> smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that >> are 2003) in production. We use XP and Vista. >> >> >> >> Thanks in advance! >> >> >> >> Alex Carroll >> >> Software Support >> >> Crabtree Companies, Inc. >> >> 651-688-2727 >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > -------------- > Give a man a fish, and he'll eat for a day. > Give a fish a man, and he'll eat for weeks! > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
