Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 4:49 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
PostPosted: Wed Feb 15, 2017 12:10 am 
Offline
Newbie

Joined: Fri Feb 10, 2017 3:18 am
Posts: 2
I am looking instructions on how to setup logging and a daily report that will tell me what files a user has accessed or copied.

I would also like get a report or notification if anyone copies something to a usb drive.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 15, 2017 2:43 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
You can get Windows to audit this type of information but Openaudit does not audit or store this and so can't report on it.


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 16, 2017 3:32 am 
Offline
Newbie

Joined: Fri Feb 10, 2017 3:18 am
Posts: 2
OK Thanks. I thought Open Audit could do that. Are there any open source programs you recommend to accomplish this?


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 16, 2017 7:40 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Don't know of any Open Source or free. You'd want to enable file auditing in Windows then monitor the Event Log. Google will turn up for-pay packages but I didn't see anything specifically open source. I'm not sure a Powershell script would be all that complicated for what you want to do.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 22, 2017 6:27 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 205
Location: Massachusetts
As jpa mentioned you can tweak windows event settings so these events are written to the event logs. It's possible to setup a central server to collect all the event logs from your windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy & these are open source apps. Lets just say it's not as easy to get this setup working, as it is to get open-audit up and running. Also, I've never tried to setup ELK to create daily reports either. You could search for those events, there may be a way to automate it.

Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 20, 2017 6:16 am 
Offline
Newbie

Joined: Wed Apr 19, 2017 12:44 am
Posts: 1
[quote="shanimal"]As jpa mentioned you can tweak windows event settings so these events are written to the event logs. It's possible to setup a central server to collect all the event logs from your windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy & these are open source apps. Lets just say it's not as easy to get this setup working, as it is to get open-audit up and running. Also, I've never tried to setup ELK to create daily reports either. You could search for those events, there may be a way to automate it.

Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs


ok... im gonna try that thank you for your advice :)

Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group