Erezp
Hi,
I want to audit some directories in my network. I only want
to monitor users' access to files. I enabled the
auditing policy and configured the audit on the directory
properties. After a week I got a giant log with a lot of
information in it (80MB). I saved it to a file and queried
it in EventcombMT.exe (from - RKT2003). The result was a
huge txt file that I opened in Excel. I noticed that only
the lines with the string "Object Type: File" refer
to a real file. I made a small tool that removes the lines
without the string "Object Type: File". The result was
very small. Should I search for another string, since I
only want user access to files?
Thanks