Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




:)
2867 posts

Uber Geek
+1 received by user: 84

Subscriber

Topic # 230759 12-Mar-2018 11:40
One person supports this post
Send private message quote this post

I am embarking on a journey to monitor certain critical files within our environment.
Windows event logging appears to give me information when someone uses certain rights against files when auditing in enabled, so from that perspective, Check! 

 

The problem I am running into is that when you create a file, a 4663 event is not generated - for some reason it's not being seen as a "write" access. I can use 4663 to monitor Modify/Write access to an EXISTING file and delete actions against a file, but I can't seem to get this last piece of the puzzle.

 

There seems to be a lot of mixed information out, some have said 4656 events, but those are requests against an object, and not necessarily the action taken against the file from what I've read.

 

 

 

Anyone else run into this? Is there a way to track this info accurately with event logging?






Create new topic


:)
2867 posts

Uber Geek
+1 received by user: 84

Subscriber

  Reply # 1977106 15-Mar-2018 12:43
Send private message quote this post

I'm surprised to see there are no answers or suggestions here.

 

 

 

I'm going to follow up with Microsoft directly and see what they come back with. The more I dig, the more I don't think there's a straight forward answer.






338 posts

Ultimate Geek
+1 received by user: 14


  Reply # 1977165 15-Mar-2018 13:25
Send private message quote this post

I use https://www.lepide.com/lepideauditor/file-server-auditing.html to monitor file servers. If I remember correctly event logs don't record enough events to be useful.

 

 


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Shipments tumble as NZ phone upgrades slow
Posted 2-Mar-2018 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.