So, you're saying you routinely audit every file and object access and change? There are appropriate things to audit routinely, and then there is needless waste unless you are troubleshooting/tracking something specific.
On Wed, Jan 7, 2009 at 11:27 AM, Durf <stygm...@gmail.com> wrote: > The performance hit is minor for a network of that size and not worth > worrying about. > And, for any and all of those solutions, the Audit log is the solution. > What is the problem that would NOT involve gathering and reporting on Audit > logs? That's just standard practice. > > -- Durf > > > On Wed, Jan 7, 2009 at 11:22 AM, David Lum <david....@nwea.org> wrote: > >> There will be a performance hit. I would ask what he's trying to >> accomplish…what are his goals? Licensing? Misuse? Malware protection? >> Information theft? He's suggested a solution to an unknown problem. It's the >> CEO's job to tell the IT guy what he needs, it's the IT guys job to figure >> out how to accomplish it. >> >> >> >> My FIRST comment to the CEO would be "I can do this for you, what are you >> looking to accomplish? It will help me get your end result for the lowest >> cost…" >> >> *David Lum** **// *SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 971.222.1025 *// *(Cell) 503.267.9764 >> >> *From:* Durf [mailto:stygm...@gmail.com] >> *Sent:* Wednesday, January 07, 2009 7:49 AM >> *To:* NT System Admin Issues >> *Subject:* Re: Auditing Everything >> >> >> >> Christ you all. It doesn't have to be this hard. >> >> >> >> If they have a Sonicwall, buy the Viewpoint module. If they don't have a >> Sonicwall, then get them one. There are equivalent products for Cisco and >> Watchguard. >> >> >> >> For AD, just turn on appropriate auditing and use GFI EventSentry to >> gather and report on events. >> >> >> >> That's it, you're done. Aside from literal keystroke logging on the >> workstations, these two items will handle everything else on the network >> that is appropriate. >> >> >> >> Whether they *should* do it or not is a whole different question, and not >> what the OP asked. >> >> >> >> -- Durf >> >> >> >> On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright <rwri...@evatone.com> >> wrote: >> >> And how many people does he plan to hire to review and report on all this >> data? You'll probably need to add storage and another server to accommodate >> it. >> >> >> >> Take a look at Adventnet's Eventlog Analyzer… >> >> http://manageengine.adventnet.com/products/eventlog/index.html >> >> >> >> >> >> >> >> >> >> >> >> Roger Wright >> >> Network Administrator >> >> Evatone, Inc. >> >> 727.572.7076 x388 >> >> _____ >> >> >> >> *From:* Alex Carroll [mailto:acarr...@crabco.net] >> *Sent:* Wednesday, January 07, 2009 10:25 AM >> >> >> *To:* NT System Admin Issues >> >> *Subject:* Auditing Everything >> >> >> >> I have a request from my CEO to audit everything that happens on our >> network. When users open files, when they change files, delete files, use >> any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any >> of you have a good solution you can recommend for that? I can google all I >> want, but I won't know the real world experience by doing that. We are a >> smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that >> are 2003) in production. We use XP and Vista. >> >> >> >> Thanks in advance! >> >> >> >> Alex Carroll >> >> Software Support >> >> Crabtree Companies, Inc. >> >> 651-688-2727 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> -------------- >> Give a man a fish, and he'll eat for a day. >> Give a fish a man, and he'll eat for weeks! >> >> >> >> >> >> >> >> >> >> >> > > > -- > -------------- > Give a man a fish, and he'll eat for a day. > Give a fish a man, and he'll eat for weeks! > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
