• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

User activity auditing

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software

View previous topic :: View next topic  
Author Message
FriedRicer
Just Arrived
Just Arrived


Joined: 17 Jul 2003
Posts: 0


Offline

PostPosted: Tue Jul 22, 2003 2:43 pm    Post subject: User activity auditing Reply with quote

Hey,

Does anybody know of a program (apart from windows audit) to track what the users do in on servers? We have a user that moves folders around all the time and we don't know who it is. However, with Win NT4's audit combined with event viewer, when you track many users, it can become pretty difficult to even decipher what's happening. Sifting through 100s of events is much too long. So does anybody know of any good 3rd party software or something to do this?

Thanks a lot for your help.


Mod edit: edited content - s3c
Keywords: tracking actions tracing
Back to top
View user's profile Send private message
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Tue Jul 22, 2003 2:55 pm    Post subject: Re: user activity auditing Reply with quote

Don't know anything about such a program, but if you enable the logging you are talking about, you do not have to go through all the events, as you know the name of the folder that has moved, right?

Just a thought.
Back to top
View user's profile Send private message
FriedRicer
Just Arrived
Just Arrived


Joined: 17 Jul 2003
Posts: 0


Offline

PostPosted: Tue Jul 22, 2003 3:40 pm    Post subject: Re: user activity auditing Reply with quote

hugo wrote:
Don't know anything about such a program, but if you enable the logging you are talking about, you do not have to go through all the events, as you know the name of the folder that has moved, right?

Just a thought.


Well, actually, I have to go through all the events because you do not see the folder names in event viewer unless you go into the event details.
If there is another way to do this or if there is something I missed, I'm open to suggestions. Wink

content edit - s3c
Back to top
View user's profile Send private message
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Tue Jul 22, 2003 4:07 pm    Post subject: Re: user activity auditing Reply with quote

FriedRicer wrote:
well, actualy, I have to go through all the events because you do not see the folder names in event viewer unless you go into the event details...
if there is another way to do this or if there is something I missed, I'm open to suggestions.. Wink


I'm not an NT guy or I would've known that Microsoft wouldn't allow you to do anything useful in the Event Viewer, unless you bought Product X which does enable such basic search capabilities. I could have figured though. Wink

Maybe you could look for a shareware Event Viewer that does support a useful Search function. There are probably plenty to choose from.

content edit - s3c
Back to top
View user's profile Send private message
FriedRicer
Just Arrived
Just Arrived


Joined: 17 Jul 2003
Posts: 0


Offline

PostPosted: Tue Jul 22, 2003 4:19 pm    Post subject: Reply with quote

Yeah, that's what I'm trying to find, but those applications are not easy to dig up on the web. This is why I ended up here. Wink

Thanks for the help anyway man!

Anybody else have ideas!?!? Razz

content edit - s3c
Back to top
View user's profile Send private message
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Tue Jul 22, 2003 4:29 pm    Post subject: Reply with quote

Google came up with this, it may serve your purpose.
http://www.ccts-ent.com/evc/
Back to top
View user's profile Send private message
FriedRicer
Just Arrived
Just Arrived


Joined: 17 Jul 2003
Posts: 0


Offline

PostPosted: Tue Jul 22, 2003 5:22 pm    Post subject: Reply with quote

hugo wrote:
Google came up with this, it may serve your purpose;
http://www.ccts-ent.com/evc/


Thanks for the help man, but it actualy uses the same filtering criteria as the one from windows and thus does not permit me to search by Object Name, which is what I would need. I can search by source, but for the needed purpose, this is useless.

Thanks again for the help man. It's appreciated.


Edited content - s3c
Back to top
View user's profile Send private message
lbreimyer
Just Arrived
Just Arrived


Joined: 11 Apr 2003
Posts: 0


Offline

PostPosted: Fri Aug 08, 2003 8:14 pm    Post subject: Reply with quote

I believe Pedestal Software's INTACT will perform the task in which you are interested. You can monitor both users and activities - such that you can track down the particular user who's making the undesired change (in this case moving the folders around). Also, you can be notified when the change occurs...which might be particularly convenient for your situation.
Back to top
View user's profile Send private message
Sgt_B
Trusted SF Member
Trusted SF Member


Joined: 28 Oct 2002
Posts: 16777215
Location: Chicago, IL US

Offline

PostPosted: Fri Aug 08, 2003 8:28 pm    Post subject: Reply with quote

You could always dump the event viewer logs into a comma delimeted text file. Then you can do whatever you want with the file.
Grep for windows could help then. Just grep the object name you're looking for, and you'll get all the lines with that object.
That is if you don't really want to purchase 3rd party software.

Win2k allows you to export the list. In NT I think you actually need to clear the log files, and when it asks you to save the files, you can select file type as comma delimeted.
Just a thought.

EDIT: Simply exporting in 2000 does not include the descrption of the event. You need to clear the log files, then when prompted save them as a delimeted file.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register