
Change Auditor for Windows File Servers 7.0.2 - User Guide

File System event logging

In addition to real-time event auditing, you can enable event logging to capture Windows file server events locally in a Windows event log. This event log can then be collected using InTrust to satisfy long-term storage requirements.

For Windows file server events, event logging is disabled by default. When enabled, only configured activities are sent to the Quest File Access event log. See the Change Auditor for Windows File Servers Event Reference Guide for a list of the events that can be sent to this event log.

2. Click the Configuration task button at the bottom of the navigation pane.
3. Select Agent in the Configuration task list to display the Agent Configuration page.
4. Click Event Logging.
6. Click OK to save your selection and close the dialog.

File System Searches/Reports

Introduction

You can search, report and alert on changes to a specific file or folder. Using Change Auditor for Windows File Servers, you can receive real-time alerts whenever someone tries to access a secure file or folder.

Create custom File System search

The following scenario explains how to use the What tab to create a custom File System search.

Selecting the Private folder will create a search that only you can run and view, whereas selecting the Shared folder will create a search which can be run and viewed by all Change Auditor users.
3. Click New at the top of the Searches page.
5. Open the What tab, expand Add and select Subsystem | File System.
   All File System Paths - select to include all file system paths
   This Object - select to include only the selected objects
   This Object and Child Objects Only - select to include the selected objects and their direct child objects
   This Object and All Child Objects - select to include the selected objects and all subordinate objects (in all levels)
7. By default, All Actions is selected, meaning that all of the actions associated with the file system path are included in the search. However, you can clear the All Actions option and select individual options to include specific actions in your search definition.
   All Actions - select to include all of the actions (Default)
   Add - select to include when a File System folder or file is added
   Delete - select to include when a File System folder or file is deleted
   Move - select to include when a File System folder or file is moved
   Rename - select to include when a File System folder or file is renamed
   Modify - select to include when a File System folder or file is modified
   Other - select to include when any other type of activity occurs on a File System folder or file
8. If you selected a scope other than All File System Paths, select the type of file system paths to be included in the search:
   All Types - select to search all of the file system path types listed
   File - select to search only files
   Folder - select to search only folders
   Transaction - select to audit changes that were committed or rolled back within a Windows 2008 or 2012 transaction
   NOTE: If the All Types check box is selected by default, you must clear this check box before you can select any of the other options.
9. If you selected a scope other than All File System Paths, enter or use the browse button to select the file or folder to be searched. Once you have entered a file or folder in the Path field, click Add to add the file/folder to the File System list.
   NOTE: Select the Exclude the Above Selection(s) check box if you want to search for all file system files or folders EXCEPT those listed in the ‘what’ list.
   NOTE: Select the Runtime Prompt check box on this dialog to prompt for a file system path every time the search is run.