NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Change Auditor User Guide for more information on how to gain access. |
The File System Auditing page contains an expandable view of all the File System Auditing templates that have been previously defined. To add a new template to this list, click Add. Once added, the following information is provided for each template:
2 |
Click Auditing. |
3 |
Select File System (under the Server heading in the Auditing task list) to open the File System Auditing page. |
4 |
Click Add to open the File System Auditing wizard which will step you through the process of creating a File System Auditing template. |
• |
Template Name - Enter a name for the template. |
• |
Audit Path - Select the File option. Enter a file name (Drive:\Folder\FileName.ext) or click the browse button and select the file to be audited. |
• |
Events tab - Select the file events to be audited for the file selected in the selection list. |
NOTE: Selecting the File Events check box at the top of the events list on the Events tab will select all of the events listed. Similarly, clearing this check box will clear all of the selected events. |
8 |
(Optional) Click Next to proceed to the next page to select processes that are to be excluded from auditing (for example, changes made by the processes specified on this page will not be audited). |
10 |
To create the template and assign it to an agent configuration, expand Finish and select Finish and Assign to Agent Configuration. |
• |
Select a configuration, then select the newly created template, click in the corresponding Assigned cell and click Yes. |
• |
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration. |
2 |
Click Auditing. |
3 |
Select File System (under the Server heading in the Auditing task list) to open the File System Auditing page. |
4 |
Click Add to launch the File System Auditing Wizard which steps you through the process of creating a File System Auditing template. |
• |
Template Name - Enter a name for the template. |
• |
Audit Path - Select the Folder option. Enter a folder name (i.e., Drive:\Folder\) or click the Browse button to select the folder to audit. |
NOTE: Once the Folder option is selected, you can select a system variable using the drop-down menu. Click the arrow to the far right of the text box and select one of the following options:
|
6 |
By default, the scope of coverage for the selected folder will be This object and all child objects. However, you can change the scope, by selecting a different option from the drop-down box in the scope cell of the selection list: |
• |
This object only- select this option to audit only the selected folder, not its files or subfolders. |
• |
This object and child objects only - select this option to audit the selected folder and its direct files and subfolders. This is not recursive. |
• |
This object and all child objects - select this option to audit this folder and all of its files and subfolders. |
NOTE: Selecting the File Events or Folder Events check box at the top of the events list on the Events tab will select all of the events listed. Similarly, clearing these check boxes will clear all of the selected events. |
• |
Browse Files - selecting this browse option displays the Select a file system path dialog allowing you to select a file for exclusion from auditing. |
• |
Browse Folders - selecting this browse option displays the Browse for Folder dialog allowing you to select a folder for exclusion from auditing. |
• |
Add | Folder - use this option to exclude activity against files/subfolders in any folders that match the exclusion string. |
• |
Add | File - use this option to exclude activity against any files that match the exclusion string. |
10 |
(Optional) Click Next to proceed to the next page to select processes that are to be excluded from auditing (for example, changes made by the processes specified on this page will not be audited). |
12 |
To create the template and assign it to an agent configuration, expand Finish and select Finish and Assign to Agent Configuration. |
• |
Select a configuration, then select the newly created template, click in the corresponding Assigned cell and click Yes. |
• |
On the Agent Configuration page, select the agent(s) assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration. |
2 |
• |
Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu. |
• |
Place your cursor in the Status cell for the file path to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the auditing of a file path, use the Enable option in either the Status cell or right-click menu. |
1 |
On the File System Auditing page, select the template to be deleted and click Delete | Delete Template. |
1 |
On the File System Auditing page, select the file path to be deleted and click Delete | Delete File Path. |
2 |
The File System Auditing wizard displays when you click Add or Edit on the File System Auditing page. This wizard steps you through the process of creating a new file system auditing template, identifying the files, folders or all drives on a system that are to be included in the auditing template.
Select one of the following options to define auditing for a file, folder or all drives:
Once you have entered the audit path to be audited, use the Add button to add it to the selection list. | |||||||
When the File or Folder option is selected as the audit path, click the browse button to locate and select a file or folder to be audited. | |||||||
Click Add to move the entry in the Audit Path text box to the selection list. NOTE: Even though you cannot edit the Audit Path when the All Drives option is selected, you must still use Add to move it to the selection list. | |||||||
Select an entry in the selection list and click Remove to remove it from the template. | |||||||
When a Folder is selected, you can use the drop-down menu in the Scope field to change the scope of coverage for a folder:
| |||||||
Select the file events to audit. Select the File Events check box to select all of the file events listed or select individual events from the list. NOTE: Due to the potential of generating a very large number of events, File Open events are NOT captured when This object and all child objects is selected in the Scope cell. Therefore, File Open is NOT included in the File Events list on this page when This object and all child objects is selected above. | |||||||
Select the folder events to audit. Select the Folder Events check box to select all of the folder events listed or select individual events from the list. NOTE: Due to the potential of generating a very large number of events, Folder Open events are NOT captured when This object and all child objects is selected in the Scope cell. Therefore, Folder Open is NOT included in the Folder Events list on this page when This object and all child objects is selected above. | |||||||
Multiple folder open events are generated by tooltips (folder content information that is displayed when you hover your mouse over a folder) because Windows Explorer navigates the folder tree for all the sub-folders when you hover over the parent folder to see the tooltip. To ignore the folder opened events generated by this action, select the Discard Windows Explorer tooltip events from browsing option. Multiple file open events are generated by file scans because Windows Explorer opens and reads the header of all files contained in an opened folder for information to display in the window. To ignore the file open events generated by this action, select the Discard file open events from folder browsing option. | |||||||
When the Folder or All Drives option is selected in the Audit Path field and the Scope includes child objects, the Inclusions tab will be displayed allowing you to specify what in the selected audit path is to be audited. | |||||||
For example, entering * will include all folders and files in the selected audit path. See File/Folder Inclusion and Exclusion Examples for more file mask examples. Once you have specified the subfolder or file to be included, click Add to add it to the Inclusions list. | |||||||
| |||||||
When the Folder or All Drives option is selected in the Audit Path field and the Scope includes child objects, the Exclusions tab will be displayed allowing you to refine the settings defined on the Inclusions tab. That is, you can optionally specify the names and paths of any subfolders and files in the selected audit path that are to be excluded from auditing. | |||||||
Add the names and paths of subfolders and files to exclude from auditing |
For example, entering *.log will exclude all files in the audit folder with the .log file extension. Whereas, entering **.log will exclude all files with the .log file extension found in the audit folder or in any subfolders. See File/Folder Inclusion and Exclusion Examples for more examples. Click the browse button and select one of the following options:
Once you have specified a subfolder or file to be excluded, click the appropriate Add button to add the file or folder to the Exclusions list. | ||||||
| |||||||
(Optional) Select Processes Exempt From Auditing page: Use this page to suppress events generated by a specific process (e.g., anti virus process).
| |||||||
Displays a list of the processes available on the local server. From this list, select one or more processes and click Add to move them to the Excluded Process list at the bottom of the page. | |||||||
Displays the name of the server from which the processes list was populated. | |||||||
Click the Add button to add the selected process(es) to the Excluded Process list. | |||||||
|
2 |
Click Configuration. |
3 |
4 |
Click Configurations. |
7 |
Once you have set these settings, click OK to save your selections, close the dialog and return to the Agent Configuration page. |
8 |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center