You can't mine all the who/what/why/where/when info that some admins and auditors want simply from the event logs.
From: David Lum [mailto:[email protected]] Sent: Friday, September 11, 2009 10:24 AM To: NT System Admin Issues Subject: RE: Tripwire Alternately, any tool that can monitor event logs can give you alerts and logging on AD changes, almost all this stuff is in one event log or another, and this includes user adds/deletes, GPO add/change/deletes, etc... Dave From: David W. McSpadden [mailto:[email protected]] Sent: Friday, September 11, 2009 9:46 AM To: NT System Admin Issues Subject: Tripwire What are some other software apps like Tripwire that can monitor my Active Directory for changes and my Server OS's for changes?? Per the audit staff we need something to show all AD changes/adds/deletes by whom, and when. All OS file changes/adds/deletes by whom, and when. Anyone have anything other than Tripwire?? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
