Open-AudIT https://www.open-audit.org/phpBB3/ |
|
new user looking for help https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6587 |
Page 1 of 1 |
Author: | imiller [ Wed Feb 15, 2017 12:10 am ] |
Post subject: | new user looking for help |
I am looking instructions on how to setup logging and a daily report that will tell me what files a user has accessed or copied. I would also like get a report or notification if anyone copies something to a usb drive. |
Author: | jpa [ Wed Feb 15, 2017 2:43 am ] |
Post subject: | Re: new user looking for help |
You can get Windows to audit this type of information but Openaudit does not audit or store this and so can't report on it. |
Author: | imiller [ Thu Feb 16, 2017 3:32 am ] |
Post subject: | Re: new user looking for help |
OK Thanks. I thought Open Audit could do that. Are there any open source programs you recommend to accomplish this? |
Author: | jpa [ Thu Feb 16, 2017 7:40 am ] |
Post subject: | Re: new user looking for help |
Don't know of any Open Source or free. You'd want to enable file auditing in Windows then monitor the Event Log. Google will turn up for-pay packages but I didn't see anything specifically open source. I'm not sure a Powershell script would be all that complicated for what you want to do. |
Author: | shanimal [ Wed Feb 22, 2017 6:27 am ] |
Post subject: | Re: new user looking for help |
As jpa mentioned you can tweak windows event settings so these events are written to the event logs. It's possible to setup a central server to collect all the event logs from your windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy & these are open source apps. Lets just say it's not as easy to get this setup working, as it is to get open-audit up and running. Also, I've never tried to setup ELK to create daily reports either. You could search for those events, there may be a way to automate it. Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs |
Author: | rikki [ Thu Apr 20, 2017 6:16 am ] |
Post subject: | Re: new user looking for help |
[quote="shanimal"]As jpa mentioned you can tweak windows event settings so these events are written to the event logs. It's possible to setup a central server to collect all the event logs from your windows servers using ELK (elasticsearch, logstash, kibana plus nginx or redis) but I'd say it's not going to be easy & these are open source apps. Lets just say it's not as easy to get this setup working, as it is to get open-audit up and running. Also, I've never tried to setup ELK to create daily reports either. You could search for those events, there may be a way to automate it. Here is some more info http://www.ragingcomputer.com/2014/02/l ... event-logs ok... im gonna try that thank you for your advice |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |