Files and directory access logging

IT auditing software
vulnerability management
One of my clients is asking about a daily report containing all files and directories accessed every day and who is accessing them (time and mode: delete, read, write) on a specific share. So I tried using a script to filter out all events regarding file access, but that looks like a time-consuming method. So please, if anyone has a better idea or a software name.

Answer Wiki


I suggest you get another job, considering that this guy is crazy. You’re going to spend your lifetime having him micromanage your processes running every second of the server’s lifetime.

File audits work best for few files, not the entire file system. Your logs are going to be so full and it’s going to be absolutely useless to anyone because no one will have time to read it/parse it.

If you do get him convinced to lighten up on his requirement and focus on the important directories such as the financial records of the company and proprietary information, a package like GFI’s LanGuard SELM will audit the server and workstation logs for accesses, not only for file access but also the entire Event Log, if desired. You will have to manually set up some rules for the types of events you are looking for, but that’s easy once you have a reasonable goal in mind. I don’t know file access Events off the top of my head, but it’s easy enough to figure out.

Good luck,


Discuss This Question: 2  Replies

  • ItDefPat1
    Yes, auditing every event is a big load (pun also intended). Mainframes could do all that, but it is not at all common on any distributed platform (like Windows, or generic Unix). Mostly, you would have to have that kind of function built into the APPLICATION. The closest to that would be to build folder rights so that only a specific application could access the files there (users get no direct access to data). Not easy, unless using a DB or ERP system. If the application doesn't (or you aren't building the app) do enough audit, authentication and authorization, then you would have to do a proxy scenario (the proxy might do it). But to get an off-the-shelf proxy means mostly only HTTP apps (or build the proxy for the app - again, not pretty). Maybe you want to control access to the share. Would putting the server on an isolated network segment work? That would provide protection, authentication and alerting. This is all very complex, tricky and time consuming. Yuck. Like the other guy said, the boss is asking for way more than what can be managed. This doesn't even take into account all the manpower to review all those logs (Windows sys logs). After all, you just want to know about violations, not that people are opening files all day long, right? Yikes. And is there a policy to mandate this type of review? Is there a process to manage (and staff to support)? Maybe what you want is strong authentication? Throw in some crypto on the files; this might be a PKI. The firewall isolation noted above, with strong authentication, is probably the easiest and provides a good return on investment, low maintenance and management efforts, decent reporting and alerting. IT Defense
    15 points
  • Nalluk
    We do generate a daily report containing all files and directories accessed every day by resources and users on any given server in multiple Domains. Try using EventTracker Enterprise Eventlog Management software from Prism Microsystems, Inc. Not only does it do what you need, it also does SOX, GLBA and HIPAA Compliance reports.
    0 points
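
An added example, not written by any poster in this thread: a small version of the script approach from the question, narrowed to one folder as the answer recommends. It assumes Windows Security event 4663 (object access, logged once file-system auditing and a SACL are set on the folder) exported as XML under an `<Events>` root; the sample events, paths and user names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# File access-mask bits mapped to the three modes the question asks for.
MODES = {0x1: "read", 0x2: "write", 0x4: "write", 0x10000: "delete"}

def _sample_event(time, user, path, mask, event_id=4663):
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System><EventData>'
            f'<Data Name="SubjectUserName">{user}</Data>'
            f'<Data Name="ObjectName">{path}</Data>'
            f'<Data Name="AccessMask">{mask}</Data></EventData></Event>')

# Constructed sample: three accesses in scope, three that must be filtered out.
SAMPLE = "<Events>" + "".join([
    _sample_event("2024-03-04T08:15:02Z", "alice", r"D:\Shares\Finance\q1.xlsx", "0x1"),
    _sample_event("2024-03-04T08:16:40Z", "alice", r"D:\Shares\Finance\q1.xlsx", "0x2"),
    _sample_event("2024-03-04T09:01:11Z", "bob", r"D:\Shares\Finance\old.doc", "0x10000"),
    _sample_event("2024-03-04T09:05:00Z", "bob", r"D:\Shares\Public\menu.txt", "0x1"),
    _sample_event("2024-03-04T09:06:00Z", "bob", r"D:\Shares\Finance\q1.xlsx", "0x1", 4656),
    _sample_event("2024-03-05T10:00:00Z", "carol", r"D:\Shares\Finance\q1.xlsx", "0x1"),
]) + "</Events>"

def daily_report(xml_text, day, folder):
    """Count (user, path, mode) for 4663 events under `folder` on `day` (YYYY-MM-DD, UTC)."""
    report = Counter()
    prefix = folder.rstrip("\\").lower() + "\\"
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4663":
            continue  # skip handle requests and other event types
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        data = {d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)}
        path = data.get("ObjectName") or ""
        if not when.startswith(day) or not path.lower().startswith(prefix):
            continue  # wrong day, or outside the audited folder
        mask = int(data.get("AccessMask", "0"), 16)
        for mode in sorted({m for bit, m in MODES.items() if mask & bit}):
            report[(data.get("SubjectUserName"), path, mode)] += 1
    return report

if __name__ == "__main__":
    for (user, path, mode), n in sorted(daily_report(SAMPLE, "2024-03-04", r"D:\Shares\Finance").items()):
        print(f"{user:8} {mode:7} {n:3}  {path}")
```

Event 4663 records the server-local path in `ObjectName`, so the share is selected by its backing folder rather than by share name.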
