Fwd: Audit Windows files/folders

["kevin fielder" <kevin.fielder () gmail com>]

Hi

> From what you have said using a syslog tool in conjunction with Windows
2003 auditing functions would probably do the job.

Something like event reporter on the clients and any decent syslog
server from free ones (e.g. Linux) to cheap (e.g. kiwi syslog) to
expensive (e.g. cisco mars) would enable you to alert on file changes
and may other system and application events and send emails etc out when
your alert conditions are met.

This relies on the windows auditing functionality so may not be as
configurable in terms of what events can be monitored for and logged as
a product like tripwire or a more comprehensive ids product, but this
does allow for alerting on many other system and application events.

As an aside it is very good practice to centralise your event / sys
logs (and application logs if possible) for both monitoring and alerting
purposes, and also for after the event investigation.

Cheers

Kevin

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of J.M. Seitz
Sent: 10 April 2007 22:30
To: 'TStark'; 'Scott Ramsdell'
Cc: 'Tornado'; security-basics () securityfocus com
Subject: RE: Audit Windows files/folders

Another excellent one is SamHain, although it's for linux, it kicks the
pants off of Tripwire.

JS

> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of TStark
> Sent: Monday, April 09, 2007 3:28 PM
> To: Scott Ramsdell
> Cc: Tornado; security-basics () securityfocus com
> Subject: Re: Audit Windows files/folders
>
> Best software for that very thing is TripWire. Will watch
> changes in files, anything deleted, services shut down,
> processes stopped, etc..reported by e-mail, paging,
> etc..sounds like what you're lookin for.
>
> Tony
>
> On 4/9/07, Scott Ramsdell <Scott.Ramsdell () cellnet com> wrote:
> > Hi,
> >
> > Simply query your server's event log with a VB script after
> enabling
> > auditing.
> >
> > Kind Regards,
> >
> > Scott Ramsdell
> > CISSP, CCNA, MCSE
> > Security Network Engineer
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com]
> > On Behalf Of Tornado
> > Sent: Thursday, April 05, 2007 12:02 PM
> > To: security-basics () securityfocus com
> > Subject: Re: Audit Windows files/folders
> >
> > Thank you all for your replies. I know there is Auditing feature in
> > Windows 2003 which will show up in event logs.
> > But unfortunately i missed to add this point that we are
> looking for
> > some software which will alert us via email when some
> folder/ file is
> > deleted. Both open source and commercial tools are fine.
> >
> > Thanks.
> >
> > Quoting Tornado <itsec_guy () bluebottle com>:
> >
> > > Hi All,
> > >
> > > I am looking for some software which will allow me to audit the
> > > files on Windows 2003 server. e.g. who deleted the
> file/folder etc.
> > >
> > > Please let me know.Both open source and commercial tools are fine.
> > >
> > > Thanks in advance.
> > >
> > >
> >
> >