Security Basics mailing list archives

Re: How to track who reads/changes files on NT4.0 server in NT4 domain?


From: H Carvey <keydet89 () yahoo com>
Date: 26 Dec 2003 12:29:45 -0000

In-Reply-To: <408D8DCD3813D5119DB400902771A41F0711A393 () mercury charlottesville org>


> We need the ability to track what users read and change files in a specific
> directory on a NT 4.0 server in an NT 4.0 domain (not the entire server).

> I'm not seeing any built-in auditing that will do that.

You need to enable auditing for File and Object Access, then set the SACLs on the directories/files that you want to monitor. Event Logs will then be generated.

> Is there any software which will do the monitoring and
> generate reports?

Generating the data is no problem. Generating the reports will be the issue...you'll have to collect the Event Log entries and then parse them in order to generate a report. That is not too difficult to do...you can easily do this in Perl, or using third-party tools (psloglist) to get the entries and then use Perl to generate the reports.

I don't know of any software that will collect all of the entries with specific IDs and then give you a report of which file was accessed by which user.

Harlan
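
The collect-then-parse report described in the reply above, as an added example that is not part of the original post (written in Python rather than the Perl the reply mentions). It assumes a hypothetical one-line-per-event export with `Field=value` pairs; the field names and access strings follow the NT 4.0 Security log description of event 560 (Object Open), and the records are constructed.

```python
from collections import defaultdict

# Constructed sample records, not real log data. Assumed export layout (hypothetical):
# one event per line, "Field=value" pairs separated by ";", with field names taken
# from the NT 4.0 Security log description of event 560 (Object Open).
SAMPLE = r"""
Event ID=560;Object Type=File;Object Name=D:\Finance\budget.xls;Primary User Name=SYSTEM;Client User Name=jsmith;Client Domain=CORP;Accesses=READ_CONTROL,ReadData (or ListDirectory),ReadAttributes
Event ID=560;Object Type=File;Object Name=D:\Finance\budget.xls;Primary User Name=adavis;Primary Domain=CORP;Client User Name=-;Client Domain=-;Accesses=WriteData (or AddFile),AppendData (or AddSubdirectory or CreatePipeInstance)
Event ID=560;Object Type=File;Object Name=D:\Finance\budget.xls;Primary User Name=SYSTEM;Client User Name=jsmith;Client Domain=CORP;Accesses=ReadData (or ListDirectory)
Event ID=560;Object Type=File;Object Name=D:\FinanceOld\notes.txt;Primary User Name=SYSTEM;Client User Name=jsmith;Client Domain=CORP;Accesses=ReadData (or ListDirectory)
Event ID=562;Object Server=Security;Handle ID=124
"""

READ = {"ReadData (or ListDirectory)"}
WRITE = {"WriteData (or AddFile)", "DELETE",
         "AppendData (or AddSubdirectory or CreatePipeInstance)"}

def parse_records(text):
    """Yield one dict of field -> value per non-empty export line."""
    for line in text.splitlines():
        pairs = (f.partition("=") for f in line.split(";") if "=" in f)
        rec = {k.strip(): v.strip() for k, _, v in pairs}
        if rec:
            yield rec

def access_report(text, directory):
    """Count read and write opens per (user, file) under one directory."""
    prefix = directory.rstrip("\\").lower() + "\\"  # NTFS paths are case-insensitive
    report = defaultdict(lambda: {"read": 0, "write": 0})
    for rec in parse_records(text):
        name = rec.get("Object Name", "")
        if rec.get("Event ID") != "560" or rec.get("Object Type") != "File":
            continue
        if not name.lower().startswith(prefix):
            continue
        # Network access is impersonated: the real user is the Client. For local
        # access the Client fields are "-" and the Primary fields name the user.
        user, domain = rec.get("Client User Name", "-"), rec.get("Client Domain", "-")
        if user == "-":
            user, domain = rec.get("Primary User Name", "?"), rec.get("Primary Domain", "?")
        accesses = {a.strip() for a in rec.get("Accesses", "").split(",")}
        row = report[(f"{domain}\\{user}", name)]
        row["read"] += bool(accesses & READ)
        row["write"] += bool(accesses & WRITE)
    return dict(report)

if __name__ == "__main__":
    for (user, path), n in sorted(access_report(SAMPLE, r"D:\Finance").items()):
        print(f"{user:15} {path:30} read={n['read']} write={n['write']}")
```

Event 560 records the access rights requested when the handle was opened, so the counts show who opened a file for reading or writing, not whether data was actually changed.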



