Log files don't need to be big if you know what you're looking for. It goes back to the "I *can* audit everything, but what are you looking for?" I, for example, have monitoring software and I look for application installs on all PCs for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about; I don't have to search a log for anything.
If you know what you're looking for, you can be proactive and never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

-----Original Message-----
From: Devin Meade [mailto:devin.me...@gmail.com]
Sent: Wednesday, January 07, 2009 8:32 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

Watch out setting the server's event log bigger than 300MB. Check this out:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if set up right. Something tells me he wants it at no cost.

hth,
Devin

On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith <mich...@theessentialexchange.com> wrote:
> Is he a control freak, or what?
>
> ISA can give you web auditing. For the rest, you'll need a third party
> application. (And you can also go third-party for web auditing - WebSense is
> probably the most popular.)
>
> Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired
> by Quest). NetWrix also has a suite of tools for this that is installed at
> one of my clients.
>
> To audit EVERYTHING, you may find it necessary to add a server that does
> nothing but process audit records. The volume is quite large, even in a
> small network.
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
>
> From: Alex Carroll [mailto:acarr...@crabco.net]
> Sent: Wednesday, January 07, 2009 10:25 AM
> To: NT System Admin Issues
> Subject: Auditing Everything
>
> I have a request from my CEO to audit everything that happens on our
> network. When users open files, when they change files, delete files, use
> any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any
> of you have a good solution you can recommend for that? I can google all I
> want, but I won't know the real world experience by doing that. We are a
> smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that
> are 2003) in production. We use XP and Vista.
>
> Thanks in advance!
>
> Alex Carroll
> Software Support
> Crabtree Companies, Inc.
> 651-688-2727

--
Devin
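
The targeted check David Lum describes at the top of the thread (Event ID 11707 in each PC's Application log), as an added example that is not part of the original messages. It assumes PowerShell's Get-WinEvent (Windows Vista or later), remote event log access to the PCs, and hypothetical host names; the monitoring product and e-mail alerting from the thread are not reproduced.

```powershell
# Added example: list successful MSI installs (Event ID 11707) per PC.
# Assumptions: host names below are hypothetical; remote event log access is permitted.
$Computers = @('PC-01', 'PC-02')        # hypothetical host names
$Since     = (Get-Date).AddDays(-1)     # only look at the last 24 hours

# Filtering is done by the event log service on the target, so log size
# and total event volume do not matter to the caller.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'       # Windows Installer writes 11707 on a successful install
    Id           = 11707
    StartTime    = $Since
}

$installs = foreach ($pc in $Computers) {
    try {
        Get-WinEvent -ComputerName $pc -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                # Typical message: "Product: <name> -- Installation completed successfully."
                $product = if ($_.Message -match '^Product:\s*(.+?)\s+--\s') {
                    $Matches[1]
                } else {
                    $_.Message          # unexpected format: keep the raw text
                }
                [pscustomobject]@{
                    Computer    = $pc
                    TimeCreated = $_.TimeCreated
                    Product     = $product
                }
            }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the normal "quiet" case.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${pc}: $($_.Exception.Message)"   # unreachable host, access denied, etc.
        }
    }
}

$installs | Sort-Object TimeCreated | Format-Table -AutoSize
```

A host that cannot be queried shows up as a warning rather than as an empty result, so a missing PC is not mistaken for a PC with no installs.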