Re: Auditing folders
- From: "karl levinson, mvp" <levinson_k@xxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 09:58:19 -0500
Agreed. And also, I'm not sure of the value of auditing successful file
reads for all files. Those are going to fill up your logs, and are you ever
going to use that information? I would use the Microsoft suggested auditing
levels in their Windows Server 2003 Security guide at
www.microsoft.com/technet/security [I think it mentions file auditing, I
can't remember.] If you feel you really must have more auditing than that,
you could consider syslogging your event logs to a syslog server that you
can query, using something like SNARE or NTSYSLOG.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:ObDgCzWBGHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
> When you configure auditing you state what type of access and
> by what principals. If you audit for a custom group that only
> includes the accounts that you do want to generate audit records
> then you would have what you are after.
>
> "troyboy" <troyboy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E76F9D54-5F25-4A51-BC3F-A861065E9264@xxxxxxxxxxxxxxxx
>> Good morning everyone,
>> I audit all of our folders using the built in feature in Server 2003. The
>> problem is our event log files are huge by the end of the day because
>> when
>> Veritas runs the backup at night it logs every file it reads and opens in
>> the
>> event log. Does anyone know of a way to exclude programs or users from
>> the
>> auditing process?
>> Thank you for your time.
>>
>
>
.
- Follow-Ups:
- Re: Auditing folders
- From: Roger Abell [MVP]
- Re: Auditing folders
- References:
- Re: Auditing folders
- From: Roger Abell [MVP]
- Re: Auditing folders
- Prev by Date: Re: netmon
- Next by Date: Re: netmon
- Previous by thread: Re: Auditing folders
- Next by thread: Re: Auditing folders
- Index(es):
Relevant Pages
|
