Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
security log files
- Thread starter funyman
- Start date
For which operating systems
- Thread starter
- #3
Its been a while since I played with NT4 - but I believe there is built into NT4 file level auditing of files and directories. You should be able to enable auditing of the files -- set it up for notifying when the file is accessed and/or modified and observe the Event Log for those files....
Hope this helps,
Paul
Hope this helps,
Paul
I tend to think that the Audit feature isn't used very often. A friend of mine, admin for a medium sized company, decided to try it once. He set the options and forgot about it. Two days later the PDC ran out of disk space.
The log files can become very, very large in a short period of time.
I don't use it but I had to try it. I turned on auditing for myself and set the audit events for a text file on the server. I opened the file from a workstation, made some changes and then saved the file. Checking the event viewer on the server, I found 55 security entries relating to the simple access and modification of the file.
A bit in the way of "overkill". I would hate to have to configure this feature for multiple users with various file/folder permissions... but I'm sure there are ways to fine-tune it and ways to limit the size of the logs.
Of course, those options aren't immediately apparent. There has to be a better way.
Alt255@Vorpalcom.Intranets.com
"If you can get people to ask the wrong questions, they'll never find the right answers."[tt]
Thomas Pynchon[/tt]
Perhaps the reverse is also true....
The log files can become very, very large in a short period of time.
I don't use it but I had to try it. I turned on auditing for myself and set the audit events for a text file on the server. I opened the file from a workstation, made some changes and then saved the file. Checking the event viewer on the server, I found 55 security entries relating to the simple access and modification of the file.
A bit in the way of "overkill". I would hate to have to configure this feature for multiple users with various file/folder permissions... but I'm sure there are ways to fine-tune it and ways to limit the size of the logs.
Of course, those options aren't immediately apparent. There has to be a better way.
Alt255@Vorpalcom.Intranets.com
"If you can get people to ask the wrong questions, they'll never find the right answers."[tt]
Thomas Pynchon[/tt]
Perhaps the reverse is also true....
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question
- Locked
- Question