RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
Hi Robert,

All very good questions. The client is paying for piece work as opposed to an hourly rate so monitoring time spent against time billed is not a concern. Mostly they want to know if the developers are using the environment that has been provided to them. 2 SQL servers, 2 web servers, 2 application servers. Comments like: did they just upload the new stuff the day before the deliverable date? Are they using the environment that was provided for 5 minutes a day or hours per day?

I am thinking of it as more of a validation of the whole support environment for the developers rather than "did they update/fix that web page".

Monitoring the host machines via SNMP might be an idea. Any simple (but good) tool leap to mind?

Thanks

Goran Jovanovic
Omega Network Solutions

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert E. Spivack
Sent: Wednesday, May 31, 2006 7:01 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Let's start at the high level: What question are you trying to answer? E.g.:

"Are the developers spending enough time doing the work they should be doing?"
"Are the developers doing things they should not be doing?"
"Are the developers competent and performing their job properly?"
"Are the developers' hours spent working matching their timesheets/project sheets?"
Etc.

There are different solutions depending upon your objectives.

Note: Personally, for outsourcing I pay based on a project or deliverable so tracking time/usage is of no interest to me. I pay for a certain result and don't care if it takes an hour or a week to do it. Also, I audit the quality of the finished product/code/service, I don't care about the tools/methods used to reach that goal.

In your case: Since you have a virtual server environment, you can also audit at the host level. E.g. you can run SNMP tools and measure traffic (bps and total bytes in/out) on the virtual network ports of the virtual machine to see the activity level. You can see the protocol (http, http, netbios, smb, etc.) to see what type of activity is flowing through the machine. If you run the tool in a virtual machine on the same physical host, it can use packet capture to fully analyze the traffic and not just SNMP/WMI.

You might consider re-writing your outsourcing contract. You really shouldn't have to police the project/micromanage it. After all, management of outsourcing is the hidden cost that can eat you alive and remove any cost benefits so why allow yourself to fall into that black hole?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Goran Jovanovic
Sent: Wednesday, May 31, 2006 1:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

It is a dev/staging server running in a virtual server environment so I have to be a bit careful what I turn on or don't.

I tried auditing a file. Wow, talk about generating Security Event Log records. I turned auditing on for two files, bginfo.exe and its corresponding config.bgi file. Then I ran it to generate the background on the file server. That simple little thing created 15 log entries.

If we turn this on we are going to need something to parse the security log file as I can see that it is going to produce a HUGE amount of traffic in there.

Goran Jovanovic
Omega Network Solutions

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shaun Mickey
Sent: Wednesday, May 31, 2006 3:34 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

You could also enable auditing in Windows to examine file level access, just r-click on any file/folder and select properties, click on the security tab then click advanced then click on the auditing tab.

WARNING: auditing a lot of high-use files could strain the server.

That being said, you're on a dev server so it should be alright, though I would keep the number of files you're auditing to a minimum or as small a group as possible.

Thanks,
Shaun

---
Shaun Mickey
270net Technologies
Phone: 301.663.6000 x28
Fax: 301.663.4410
www.270net.com
Internet/Technology Solutions for Business and Government
---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Wednesday, May 31, 2006 3:16 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Source code activity would be best analyzed with Visual SourceSafe or another code control system.

For watching use of the sites for testing, etc. just enable logging for the virtual webs and run reports on the web traffic.

Darin.

----- Original Message -----
From: Goran
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
MRTG is free but a pain to set up and reporting is limited. Some swear by Cacti, but setup is also complex.

A reasonable cost effective tool is Paessler. Windows-specific, but well implemented and supported.

http://www.paessler.com/

It has a packet capture mode (aka "sniffer") which will do a lot more than just snmp counting and exports reports to pdf.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Goran Jovanovic
Sent: Thursday, June 01, 2006 10:04 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Hi Robert,

All very good questions. The client is paying for piece work as opposed to an hourly rate so monitoring time spent against time billed is not a concern. Mostly they want to know if the developers are using the environment that has been provided to them. 2 SQL servers, 2 web servers, 2 application servers. Comments like: did they just upload the new stuff the day before the deliverable date? Are they using the environment that was provided for 5 minutes a day or hours per day?

I am thinking of it as more of a validation of the whole support environment for the developers rather than "did they update/fix that web page".

Monitoring the host machines via SNMP might be an idea. Any simple (but good) tool leap to mind?

Thanks

Goran Jovanovic
Omega Network Solutions
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
I'll second the recommendation for Paessler's PRTG product.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert E. Spivack
Sent: Thursday, June 01, 2006 1:16 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

MRTG is free but a pain to set up and reporting is limited. Some swear by Cacti, but setup is also complex.

A reasonable cost effective tool is Paessler. Windows-specific, but well implemented and supported.

http://www.paessler.com/

It has a packet capture mode (aka "sniffer") which will do a lot more than just snmp counting and exports reports to pdf.
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
We use PRTG here and it works quite well.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Marchette
Sent: Thursday, June 01, 2006 4:25 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

I'll second the recommendation for Paessler's PRTG product.
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
We use it too. Reasonably priced and it'll send you monthly bandwidth reports in PDF format if you host several servers and bill your customers appropriately. It's basically MRTG but easier setup.

Kevin

At 01:28 PM 6/1/2006, you wrote:

We use PRTG here and it works quite well.
Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
Yep, yep, yep, and yep.

Darin.

----- Original Message -----
From: Goran Jovanovic
To: Declude.JunkMail@declude.com
Sent: Wednesday, May 31, 2006 3:39 PM
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Darin,

My understanding of the source code development is that it will be done on the developer's workstations, copied up to the client's servers and then tested there. So the source code control is probably not going to happen.

You are referring to the IIS logs? Does that show what pages are being accessed? Would something like a Webtrends also do that?

If they copy the updated files to a mapped network connection then the IIS logs will not show that, only perhaps that the same page was accessed again.

Goran Jovanovic
Omega Network Solutions

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Wednesday, May 31, 2006 3:16 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Source code activity would be best analyzed with Visual SourceSafe or another code control system.

For watching use of the sites for testing, etc. just enable logging for the virtual webs and run reports on the web traffic.

Darin.

----- Original Message -----
From: Goran Jovanovic
To: Declude.JunkMail@declude.com
Sent: Wednesday, May 31, 2006 2:35 PM
Subject: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Hi All,

This is definitely an off topic question.

I have a client that wants to monitor what their outsourced developers are doing. The development is taking place in IIS, .Net Application Server and SQL 2000. They want to know generally speaking what they are doing. Are the development servers being used/tested? Would not have to report on what exactly is being changed etc but some sort of activity report.

Does anyone know of anything that can report on this type of activity?

Thanks

Goran Jovanovic
Omega Network Solutions
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
Yeah, the auditing needs some supervision, you can use a script to read the file every 6 hours or so. Basically move the current file, create a new one, and rename the old in a date-time.txt format. Then parse it for what you're looking for and spit out some basic custom XHTML page (or xml). That wouldn't be too bad of a VBScript especially with regular expression searches. Or you could use some other kind of log processor/web stats package (sawmill log analyzer supports a lot of formats) instead of creating a custom solution.

I think you can limit some of the entries in auditing by picking certain usernames to watch, haven't really used it a whole lot, but it's damn useful. Web stats will only show you connections to the file by IIS, whereas auditing will show you every access from a particular username. I would google it some, just to see what kinda options are out there for using it, might be some filters you could include or something of the like.

Thanks,
Shaun

---
Shaun Mickey
270net Technologies
Phone: 301.663.6000 x28
Fax: 301.663.4410
www.270net.com
Internet/Technology Solutions for Business and Government
---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Goran Jovanovic
Sent: Wednesday, May 31, 2006 4:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

It is a dev/staging server running in a virtual server environment so I have to be a bit careful what I turn on or don't.

I tried auditing a file. Wow, talk about generating Security Event Log records. I turned auditing on for two files, bginfo.exe and its corresponding config.bgi file. Then I ran it to generate the background on the file server. That simple little thing created 15 log entries.

If we turn this on we are going to need something to parse the security log file as I can see that it is going to produce a HUGE amount of traffic in there.

Goran Jovanovic
Omega Network Solutions
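The parse-and-report step of the script described in the message above, as an added example that is not code from any poster in the thread: it filters an exported Security log to watched accounts, collapses the burst of entries a single file access generates, and reports per-user daily activity as XML. The CSV column layout, account names, paths, the 5-second burst window and the 30-minute idle gap are assumptions; event ID 560 is the Windows Server 2003-era object-open audit event and 4663 its counterpart on later Windows versions.

```python
import csv
import io
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (assumed layout: time, event id, account, object).
SAMPLE_EXPORT = r"""
time,event_id,user,object
2006-05-31 16:02:11,560,DEV\alice,D:\tools\bginfo.exe
2006-05-31 16:02:11,562,DEV\alice,D:\tools\bginfo.exe
2006-05-31 16:02:12,560,DEV\alice,D:\tools\config.bgi
2006-05-31 16:02:12,562,DEV\alice,D:\tools\config.bgi
2006-05-31 16:02:13,560,DEV\alice,D:\tools\bginfo.exe
2006-05-31 16:20:40,560,DEV\alice,D:\wwwroot\default.aspx
2006-05-31 18:45:03,560,DEV\alice,D:\wwwroot\default.aspx
2006-06-01 09:15:00,560,DEV\bob,D:\wwwroot\login.aspx
2006-06-01 09:15:02,560,DEV\bob,D:\wwwroot\login.aspx
2006-06-01 09:19:30,560,DEV\bob,D:\wwwroot\login.aspx
2006-06-01 09:20:00,560,SYSTEM,D:\wwwroot\login.aspx
""".strip()

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_events(text, users, event_ids=frozenset({560, 4663})):
    """Return sorted (time, user, object) tuples for watched accounts only."""
    watched = {u.lower() for u in users}
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if int(row["event_id"]) not in event_ids:
            continue  # e.g. handle-closed records add volume, not information
        if row["user"].lower() not in watched:
            continue  # service and system accounts are not developer activity
        when = datetime.strptime(row["time"], TIME_FORMAT)
        events.append((when, row["user"], row["object"]))
    return sorted(events)


def collapse_bursts(events, window=timedelta(seconds=5)):
    """Merge repeated hits on one object by one user into a single access."""
    last_seen = {}
    accesses = []
    for when, user, obj in events:
        key = (user.lower(), obj.lower())
        previous = last_seen.get(key)
        last_seen[key] = when
        if previous is not None and when - previous <= window:
            continue  # same burst: one program run touching the file again
        accesses.append((when, user, obj))
    return accesses


def daily_activity(accesses, idle_gap=timedelta(minutes=30)):
    """Summarise accesses per user per day; gaps above idle_gap count as idle."""
    per_day = defaultdict(list)
    for when, user, _obj in accesses:
        per_day[(user, when.date().isoformat())].append(when)
    summary = {}
    for key, times in per_day.items():
        times.sort()
        active = timedelta()
        for earlier, later in zip(times, times[1:]):
            if later - earlier <= idle_gap:
                active += later - earlier
        summary[key] = {
            "accesses": len(times),
            "first": times[0].strftime("%H:%M:%S"),
            "last": times[-1].strftime("%H:%M:%S"),
            "active_seconds": int(active.total_seconds()),
        }
    return summary


def to_xml(summary):
    """Render the summary as a small XML report, one <day> element per row."""
    root = ET.Element("activity")
    for (user, day), stats in sorted(summary.items()):
        attrs = {name: str(value) for name, value in stats.items()}
        ET.SubElement(root, "day", user=user, date=day, **attrs)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    watched_events = parse_events(SAMPLE_EXPORT, users={"DEV\\alice", "DEV\\bob"})
    print(to_xml(daily_activity(collapse_bursts(watched_events))))
```

The first and last access times per day answer the "5 minutes a day or hours per day" question directly, and a day with no row at all is a day the account never touched an audited file.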
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
Let's start at the high-level: What question are you trying to answer? e.g.:

Are the developers spending enough time doing the work they should be doing?
Are the developers doing things they should not be doing?
Are the developers competent and performing their job properly?
Are the developers' hours spent working matching their timesheets/project sheets?
Etc.

There are different solutions depending upon your objectives.

Note: Personally, for outsourcing I pay based on a project or deliverable so tracking time/usage is of no interest to me. I pay for a certain result and don't care if it takes an hour or a week to do it. Also, I audit the quality of the finished product/code/service; I don't care about the tools/methods used to reach that goal.

In your case: Since you have a virtual server environment, you can also audit at the host level. E.g. you can run SNMP tools and measure traffic (bps and total bytes in/out) on the virtual network ports of the virtual machine to see the activity level. You can see the protocol (http, http, netbios, smb, etc.) to see what type of activity is flowing through the machine. If you run the tool in a virtual machine on the same physical host, it can use packet capture to fully analyze the traffic and not just SNMP/WMI.

You might consider re-writing your outsourcing contract. You really shouldn't have to police the project/micromanage it. After all, management of outsourcing is the hidden cost that can eat you alive and remove any cost benefits, so why allow yourself to fall into that black hole?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Wednesday, May 31, 2006 1:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

It is a dev/staging server running in a virtual server environment so I have to be a bit careful what I turn on or don't.

I tried auditing a file. Wow, talk about generating Security Event Log records. I turned auditing on for two files, bginfo.exe and its corresponding config.bgi file. Then I ran it to generate the background on the file server. That simple little thing created 15 log entries. If we turn this on we are going to need something to parse the security log file, as I can see that it is going to produce a HUGE amount of traffic in there.

Goran Jovanovic
Omega Network Solutions

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Mickey
Sent: Wednesday, May 31, 2006 3:34 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

You could also enable auditing in Windows to examine file level access: just r-click on any file/folder and select properties, click on the security tab, then click advanced, then click on the auditing tab.

WARNING: auditing a lot of high-use files could strain the server.

That being said, you're on a dev server so it should be alright, though I would keep the number of files you're auditing to a minimum or as small a group as possible.

Thanks,
Shaun
---
Shaun Mickey
270net Technologies
Phone: 301.663.6000 x28
Fax: 301.663.4410
www.270net.com
Internet/Technology Solutions for Business and Government
---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, May 31, 2006 3:16 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Source code activity would be best analyzed with Visual SourceSafe or another code control system. For watching use of the sites for testing, etc., just enable logging for the virtual webs and run reports on the web traffic.

Darin.

----- Original Message -----
From: Goran Jovanovic
To: Declude.JunkMail@declude.com
Sent: Wednesday, May 31, 2006 2:35 PM
Subject: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Hi All,

This is definitely an off topic question. I have a client that wants to monitor what their outsourced developers are doing. The development is taking place in IIS, .Net Application Server and SQL 2000. They want to know, generally speaking, what they are doing. Are the development servers being used/tested? Would not have to report on what exactly is being changed etc., but some sort of activity report.

Does anyone know of anything that can report on this type of activity?

Thanks

Goran Jovanovic
Omega Network Solutions
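Darin's suggestion to enable web logging and run reports on the traffic can be turned into a per-day activity summary that answers the "minutes or hours per day" question. The following is an added example, not code from anyone in the thread; it assumes the sites log in IIS W3C extended format, and the sample log lines, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2006-05-30 14:02:11 192.0.2.10 dev1 GET /app/default.aspx 200
2006-05-30 14:02:40 192.0.2.10 dev1 GET /app/style.css 200
2006-05-30 14:03:05 192.0.2.10 dev1 POST /app/login.aspx 302
2006-05-30 16:45:00 192.0.2.11 - GET /app/report.aspx 500
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-05-31 23:50:09 192.0.2.10 GET /app/default.aspx 200
2006-05-31 23:50:30 192.0.2.10 GET /app/default.aspx 200
"""

def parse_w3c(lines):
    """Yield one dict per request, honouring every #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def daily_activity(lines):
    """Per day: request count, distinct clients, active minutes, first/last hit."""
    days = defaultdict(lambda: {"requests": 0, "clients": set(), "minutes": set(),
                                "first": None, "last": None})
    for row in parse_w3c(lines):
        if "date" not in row or "time" not in row:
            continue                        # cannot bucket rows without a timestamp
        day = days[row["date"]]
        day["requests"] += 1
        day["clients"].add(row.get("c-ip", "-"))
        day["minutes"].add(row["time"][:5])  # HH:MM bucket = one active minute
        day["first"] = min(day["first"] or row["time"], row["time"])
        day["last"] = max(day["last"] or row["time"], row["time"])
    return {d: {"requests": v["requests"], "clients": len(v["clients"]),
                "active_minutes": len(v["minutes"]),
                "first": v["first"], "last": v["last"]}
            for d, v in sorted(days.items())}

if __name__ == "__main__":
    for day, stats in daily_activity(SAMPLE_LOG.splitlines()).items():
        print(day, stats)
```

IIS writes W3C timestamps in UTC, so shift them before comparing the first and last hit against the developers' working hours.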
RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server
good perspective

Harry Vanderzand
inTown Internet Computer Services
519-741-1222

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert E. Spivack
Sent: Wednesday, May 31, 2006 7:01 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] OT: Monitoring/Auditing a Windows Server

Let's start at the high-level: What question are you trying to answer? e.g.:

Are the developers spending enough time doing the work they should be doing?
Are the developers doing things they should not be doing?
Are the developers competent and performing their job properly?
Are the developers' hours spent working matching their timesheets/project sheets?
Etc.

There are different solutions depending upon your objectives.

Note: Personally, for outsourcing I pay based on a project or deliverable so tracking time/usage is of no interest to me. I pay for a certain result and don't care if it takes an hour or a week to do it. Also, I audit the quality of the finished product/code/service; I don't care about the tools/methods used to reach that goal.

In your case: Since you have a virtual server environment, you can also audit at the host level. E.g. you can run SNMP tools and measure traffic (bps and total bytes in/out) on the virtual network ports of the virtual machine to see the activity level. You can see the protocol (http, http, netbios, smb, etc.) to see what type of activity is flowing through the machine. If you run the tool in a virtual machine on the same physical host, it can use packet capture to fully analyze the traffic and not just SNMP/WMI.

You might consider re-writing your outsourcing contract. You really shouldn't have to police the project/micromanage it. After all, management of outsourcing is the hidden cost that can eat you alive and remove any cost benefits, so why allow yourself to fall into that black hole?