Open-AudIT
https://www.open-audit.org/phpBB3/

new user looking for help
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6587

Author:  imiller [ Wed Feb 15, 2017 12:10 am ]
Post subject:  new user looking for help

I am looking for instructions on how to set up logging and a daily report that will tell me what files a user has accessed or copied.

I would also like to get a report or notification if anyone copies something to a USB drive.

Author:  jpa [ Wed Feb 15, 2017 2:43 am ]
Post subject:  Re: new user looking for help

You can get Windows to audit this type of information, but Open-AudIT does not audit or store this and so can't report on it.

Author:  imiller [ Thu Feb 16, 2017 3:32 am ]
Post subject:  Re: new user looking for help

OK, thanks. I thought Open-AudIT could do that. Are there any open source programs you recommend to accomplish this?

Author:  jpa [ Thu Feb 16, 2017 7:40 am ]
Post subject:  Re: new user looking for help

Don't know of any Open Source or free. You'd want to enable file auditing in Windows then monitor the Event Log. Google will turn up for-pay packages but I didn't see anything specifically open source. I'm not sure a PowerShell script would be all that complicated for what you want to do.
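
The approach suggested above (enable file auditing, then read the Event Log with PowerShell), sketched as an added example that is not code from any poster or from Open-AudIT. It assumes English-language Windows, an elevated session, and a hypothetical output folder `C:\AuditReports`:

```powershell
# Added example: daily report of audited file access from the Security log.
# One-time setup (elevated). File System events also need an auditing entry
# (SACL) on each folder to watch; Removable Storage events do not.
#   auditpol /set /subcategory:"File System" /success:enable
#   auditpol /set /subcategory:"Removable Storage" /success:enable

$reportDir = 'C:\AuditReports'            # assumed output folder
$today     = (Get-Date).Date
$since     = $today.AddDays(-1)           # report covers all of yesterday
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

# Event 4663 = "An attempt was made to access an object"
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = $since; EndTime = $today }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Turn the <EventData> name/value pairs into a lookup table
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['ObjectType'] -ne 'File') { continue }        # skip registry keys etc.
    if ($data['SubjectUserName'] -like '*$') { continue }   # skip machine accounts

    [pscustomobject]@{
        Time       = $e.TimeCreated
        Computer   = $e.MachineName
        User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        File       = $data['ObjectName']
        AccessMask = $data['AccessMask']   # bit 0x1 = read data, bit 0x2 = write data
        Process    = $data['ProcessName']
        # Category text is localized; 'Removable Storage' is the English name
        Removable  = ($e.TaskDisplayName -eq 'Removable Storage')
    }
}

$stamp = $since.ToString('yyyy-MM-dd')
$rows | Sort-Object Time |
    Export-Csv -Path (Join-Path $reportDir "file-access-$stamp.csv") -NoTypeInformation

# Separate file for writes to removable media (USB drives)
$rows | Where-Object { $_.Removable -and ([Convert]::ToInt32($_.AccessMask, 16) -band 0x2) } |
    Export-Csv -Path (Join-Path $reportDir "usb-writes-$stamp.csv") -NoTypeInformation
```

Windows logs reads and writes, not "copies": a copy appears as a read of the source file and a write at the destination, so the two reports have to be correlated by user and time. Size the Security log generously, since file auditing on busy folders can overwrite a day's events before the report runs.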

Author:  shanimal [ Wed Feb 22, 2017 6:27 am ]
Post subject:  Re: new user looking for help

As jpa mentioned you can tweak Windows event settings so these events are written to the event logs. It's possible to set up a central server to collect all the event logs from your Windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy and these are open source apps. Let's just say it's not as easy to get this setup working as it is to get Open-AudIT up and running. Also, I've never tried to set up ELK to create daily reports either. You could search for those events; there may be a way to automate it.

Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs

Author:  rikki [ Thu Apr 20, 2017 6:16 am ]
Post subject:  Re: new user looking for help

[quote="shanimal"]As jpa mentioned you can tweak Windows event settings so these events are written to the event logs. It's possible to set up a central server to collect all the event logs from your Windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy and these are open source apps. Let's just say it's not as easy to get this setup working as it is to get Open-AudIT up and running. Also, I've never tried to set up ELK to create daily reports either. You could search for those events; there may be a way to automate it.

Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs[/quote]

OK... I'm gonna try that, thank you for your advice :)

All times are UTC + 10 hours