User activity auditing

Networking/Security Forums -> Security Related Software

Author: FriedRicer    Posted: Tue Jul 22, 2003 2:43 pm    Post subject: User activity auditing
    ----
Hey,

Does anybody know of a program (apart from Windows audit) to track what the users do on servers? We have a user that moves folders around all the time and we don't know who it is. However, with Win NT4's audit combined with Event Viewer, when you track many users, it can become pretty difficult to even decipher what's happening. Sifting through 100s of events is much too long. So does anybody know of any good 3rd party software or something to do this?

Thanks a lot for your help.


Mod edit: edited content - s3c
Keywords: tracking actions tracing

Author: hugo    Location: Netherlands, Europe    Posted: Tue Jul 22, 2003 2:55 pm    Post subject: Re: user activity auditing
    ----
Don't know anything about such a program, but if you enable the logging you are talking about, you do not have to go through all the events, as you know the name of the folder that has moved, right?

Just a thought.

Author: FriedRicer    Posted: Tue Jul 22, 2003 3:40 pm    Post subject: Re: user activity auditing
    ----
hugo wrote:
Don't know anything about such a program, but if you enable the logging you are talking about, you do not have to go through all the events, as you know the name of the folder that has moved, right?

Just a thought.


Well, actually, I have to go through all the events because you do not see the folder names in event viewer unless you go into the event details.
If there is another way to do this or if there is something I missed, I'm open to suggestions. ;)

content edit - s3c

Author: hugo    Location: Netherlands, Europe    Posted: Tue Jul 22, 2003 4:07 pm    Post subject: Re: user activity auditing
    ----
FriedRicer wrote:
well, actually, I have to go through all the events because you do not see the folder names in event viewer unless you go into the event details...
if there is another way to do this or if there is something I missed, I'm open to suggestions.. ;)


I'm not an NT guy or I would've known that Microsoft wouldn't allow you to do anything useful in the Event Viewer, unless you bought Product X which does enable such basic search capabilities. I could have figured though. ;)

Maybe you could look for a shareware Event Viewer that does support a useful Search function. There are probably plenty to choose from.

content edit - s3c

Author: FriedRicer    Posted: Tue Jul 22, 2003 4:19 pm    Post subject:
    ----
Yeah, that's what I'm trying to find, but those applications are not easy to dig up on the web. This is why I ended up here. ;)

Thanks for the help anyway man!

Anybody else have ideas!?!? :P

content edit - s3c

Author: hugo    Location: Netherlands, Europe    Posted: Tue Jul 22, 2003 4:29 pm    Post subject:
    ----
Google came up with this, it may serve your purpose.
http://www.ccts-ent.com/evc/

Author: FriedRicer    Posted: Tue Jul 22, 2003 5:22 pm    Post subject:
    ----
hugo wrote:
Google came up with this, it may serve your purpose;
http://www.ccts-ent.com/evc/


Thanks for the help man, but it actually uses the same filtering criteria as the one from Windows and thus does not permit me to search by Object Name, which is what I would need. I can search by source, but for the needed purpose, this is useless.

Thanks again for the help man. It's appreciated.


Edited content - s3c

Author: lbreimyer    Posted: Fri Aug 08, 2003 8:14 pm    Post subject:
    ----
I believe Pedestal Software's INTACT will perform the task in which you are interested. You can monitor both users and activities - such that you can track down the particular user who's making the undesired change (in this case moving the folders around). Also, you can be notified when the change occurs...which might be particularly convenient for your situation.

Author: Sgt_B    Location: Chicago, IL US    Posted: Fri Aug 08, 2003 8:28 pm    Post subject:
    ----
You could always dump the event viewer logs into a comma delimited text file. Then you can do whatever you want with the file.
Grep for windows could help then. Just grep the object name you're looking for, and you'll get all the lines with that object.
That is if you don't really want to purchase 3rd party software.

Win2k allows you to export the list. In NT I think you actually need to clear the log files, and when it asks you to save the files, you can select file type as comma delimited.
Just a thought.

EDIT: Simply exporting in 2000 does not include the description of the event. You need to clear the log files, then when prompted save them as a delimited file.
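
The approach suggested in the post above, as an added example that is not part of the original thread: parse the saved comma-delimited log, keep only events whose description mentions the object name, and group them by user. The column order, the sample rows and the function names are assumptions made for this example; a CSV parser is used instead of a plain grep so that commas inside the quoted description do not shift the User column.

```python
import csv
import io
from collections import defaultdict

# Assumed column order of the saved comma-delimited log; adjust to your file.
COLUMNS = ["Date", "Time", "Source", "Type", "Category",
           "Event", "User", "Computer", "Description"]

# Constructed sample rows for illustration (not real log data).
SAMPLE_LOG = r'''7/22/2003,2:10:05 PM,Security,Success Audit,Object Access,560,CORP\jdoe,FILESRV1,"Object Open: Object Type: File Object Name: D:\Shares\Projects\Alpha Accesses: DELETE"
7/22/2003,2:10:09 PM,Security,Success Audit,Object Access,560,CORP\asmith,FILESRV1,"Object Open: Object Type: File Object Name: D:\Shares\Finance\Q2, draft Accesses: ReadData"
7/22/2003,2:11:40 PM,Security,Success Audit,Logon/Logoff,528,CORP\jdoe,FILESRV1,"Successful Logon: User Name: jdoe"
7/22/2003,3:02:17 PM,Security,Success Audit,Object Access,560,CORP\jdoe,FILESRV1,"Object Open: Object Type: File Object Name: D:\Shares\Projects\Alpha\specs Accesses: DELETE"
7/22/2003,3:05:00 PM,Security,Success Audit,Object Access,560,CORP\bwong,FILESRV1,"Object Open: Object Type: File Object Name: d:\shares\projects\alpha Accesses: ReadData"
'''

def find_object_events(log_text, object_name):
    """Return rows whose Description mentions object_name (case-insensitive)."""
    needle = object_name.lower()
    reader = csv.DictReader(io.StringIO(log_text), fieldnames=COLUMNS)
    hits = []
    for row in reader:
        # Short or malformed rows yield None for missing columns.
        desc = row.get("Description") or ""
        if needle in desc.lower():
            hits.append(row)
    return hits

def summarize_by_user(rows):
    """Map each user to the (date, time, event id) of every matching row."""
    summary = defaultdict(list)
    for row in rows:
        summary[row["User"]].append((row["Date"], row["Time"], row["Event"]))
    return dict(summary)

if __name__ == "__main__":
    hits = find_object_events(SAMPLE_LOG, r"D:\Shares\Projects\Alpha")
    for user, events in summarize_by_user(hits).items():
        print(user, len(events), events)
```

To run it against a real export, read the saved file into a string and pass it in place of `SAMPLE_LOG`.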





All times are GMT + 2 Hours