Security Basics mailing list archives
Fwd: Audit Windows files/folders
From: "kevin fielder" <kevin.fielder () gmail com>
Date: Wed, 11 Apr 2007 13:50:26 +0100
Hi
From what you have said using a syslog tool in conjunction with Windows
2003 auditing functions would probably do the job. Something like event reporter on the clients and any decent syslog server from free ones (e.g. Linux) to cheap (e.g. kiwi syslog) to expensive (e.g. cisco mars) would enable you to alert on file changes and may other system and application events and send emails etc out when your alert conditions are met. This relies on the windows auditing functionality so may not be as configurable in terms of what events can be monitored for and logged as a product like tripwire or a more comprehensive ids product, but this does allow for alerting on many other system and application events. As an aside it is very good practice to centralise your event / sys logs (and application logs if possible) for both monitoring and alerting purposes, and also for after the event investigation. Cheers Kevin -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of J.M. Seitz Sent: 10 April 2007 22:30 To: 'TStark'; 'Scott Ramsdell' Cc: 'Tornado'; security-basics () securityfocus com Subject: RE: Audit Windows files/folders Another excellent one is SamHain, although it's for linux, it kicks the pants off of Tripwire. JS
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TStark Sent: Monday, April 09, 2007 3:28 PM To: Scott Ramsdell Cc: Tornado; security-basics () securityfocus com Subject: Re: Audit Windows files/folders Best software for that very thing is TripWire. Will watch changes in files, anything deleted, services shut down, processes stopped, etc..reported by e-mail, paging, etc..sounds like what you're lookin for. Tony On 4/9/07, Scott Ramsdell <Scott.Ramsdell () cellnet com> wrote: > Hi, > > Simply query your server's event log with a VB script after enabling > auditing. > > Kind Regards, > > Scott Ramsdell > CISSP, CCNA, MCSE > Security Network Engineer > > -----Original Message----- > From: listbounce () securityfocus com > [mailto:listbounce () securityfocus com] > On Behalf Of Tornado > Sent: Thursday, April 05, 2007 12:02 PM > To: security-basics () securityfocus com > Subject: Re: Audit Windows files/folders > > Thank you all for your replies. I know there is Auditing feature in > Windows 2003 which will show up in event logs. > But unfortunately i missed to add this point that we are looking for > some software which will alert us via email when some folder/ file is > deleted. Both open source and commercial tools are fine. > > Thanks. > > Quoting Tornado <itsec_guy () bluebottle com>: > > > Hi All, > > > > I am looking for some software which will allow me to audit the > > files on Windows 2003 server. e.g. who deleted the file/folder etc. > > > > Please let me know.Both open source and commercial tools are fine. > > > > Thanks in advance. > > > > > >
Current thread:
- Audit Windows files/folders Tornado (Apr 04)
- Re: Audit Windows files/folders Ali, Saqib (Apr 04)
- Re: Audit Windows files/folders Noaman Khan (Apr 04)
- RE: Audit Windows files/folders James Winzenz (Apr 05)
- Re: Audit Windows files/folders Tornado (Apr 09)
- RE: Audit Windows files/folders Scott Ramsdell (Apr 09)
- Re: Audit Windows files/folders Rob Creely (Apr 10)
- Re: Audit Windows files/folders TStark (Apr 10)
- RE: Audit Windows files/folders J.M. Seitz (Apr 10)
- Message not available
- Fwd: Audit Windows files/folders kevin fielder (Apr 11)
- RE: Audit Windows files/folders Scott Ramsdell (Apr 09)
- Monitoring of Admin logins Sohail Sarwar (Apr 10)
- RE: Monitoring of Admin logins Petter Bruland (Apr 10)
- RE: Monitoring of Admin logins Dixon, Wayne (Apr 10)
- Re: Monitoring of Admin logins Buz Dale (Apr 10)
- Re: Monitoring of Admin logins Steven Adair (Apr 11)
- Re: Monitoring of Admin logins Steven Hollingsworth (Apr 11)