In addition to real-time event auditing, you can enable event logging to capture Windows file server events locally in a Windows event log. This event log can then be collected using InTrust to satisfy long-term storage requirements.
For Windows file server events, event logging is disabled by default. When enabled, only configured activities are sent to the Quest File Access event log. See the Change Auditor for Windows Files Servers Event Reference Guide for a list of the events that can be sent to this event log.
2 |
Click the Configuration task button at the bottom of the navigation pane. |
3 |
4 |
Click Event Logging. |
5 |
On the Event Logging dialog, select File System. |
6 |
Click OK to save your selection and close the dialog. |
The following scenario explains how to use the What tab to create a custom File System search.
2 |
3 |
Click New at the top of the Searches page. |
5 |
• |
All File System Paths - select to include all file system paths |
• |
This Object - select to include only the selected objects |
• |
This Object and Child Objects Only - select to include the selected objects and its direct child objects |
• |
This Object and All Child Objects - select to include the selected objects and all subordinate objects (in all levels) |
7 |
By default, All Actions is selected meaning that all of the actions associated with the file system path will be included in the search. However, you can clear the All Actions option and select individual options to include specific actions in your search definition. |
• |
All Actions - select to include all of the actions (Default) |
• |
Add - select to include when a File System folder or file is added |
• |
Delete - select to include when a File System folder or file is deleted |
• |
Move - select to include when a File System folder or file is moved |
• |
Rename - select to include when a File System folder or file is renamed |
• |
Modify - select to include when a File System folder or file is modified |
• |
Other - select to include when any other type of activity occurs on a File System folder or file |
8 |
If you selected a scope other than All File System Paths, select the type of file system paths to be included in the search: |
• |
All Types - select to search all of the file system path types listed |
• |
File - select to search only files |
• |
Folder - select to search only folders |
• |
Transaction - select to audit changes that were committed or rolled back within a Windows 2012 transaction |
NOTE: If the All Types check box is selected by default, you must clear this check box before you can select any of the other options. |
9 |
If you selected a scope other than All File System Paths, enter or use the browse button to select the file or folder to be searched. Once you have entered a file or folder in the Path field, click Add to add the file/folder to the File System list. |
NOTE: Select the Exclude the Above Selection(s) check box if you want to search for all file system files or folders EXCEPT those listed in the ‘what’ list. |
NOTE: Select the Runtime Prompt check box on this dialog to prompt for a file system path every time the search is run. |
10 |
Once you have selected the file system paths to be included in the search, click OK to save your selection and close the dialog. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center