This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Audit Folder/File access
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2015 11:14 AM
Hi
If Auditing is enabled on a file server for a folder. Is there any information regarding these events pulled into lansweeper and what script would you use to pull a report with this information?
CT
If Auditing is enabled on a file server for a folder. Is there any information regarding these events pulled into lansweeper and what script would you use to pull a report with this information?
CT
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-23-2015 12:45 PM
Lansweeper is able to scan Security event log entries, but you need to set this up under Configuration\Server options, section Eventlog scanning. Your Lansweeper database should be running on SQL Server Express or higher edition. After enabling scanning of Success Audit and Failure audit events you are able to create reports on specific event IDs or use the Event filter widget on your Dashboard to display the events.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-30-2015 05:36 PM
Thank you very much Daniel!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2015 10:27 AM
You might give the following a try. After enabling object access auditing on computers in your network and scanning of Success audit and Failure events in your Lansweeper installation, this report lists events related to object access.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.IPAddress,
tsysOS.OSname,
tsysOS.Image As icon,
tblNtlog.Eventcode,
tblNtlog.TimeGenerated,
tblNtlogFile.Logfile,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Where tblNtlog.Eventcode In (4656, 4658, 4660, 4663, 4685, 4985) And
tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-24-2015 06:20 PM
Hi Daniel
Thank you for this information.
Could you give me a report script I can use to show this information to start with?
Thank you in advance.
Thank you for this information.
Could you give me a report script I can use to show this information to start with?
Thank you in advance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-23-2015 12:45 PM
Lansweeper is able to scan Security event log entries, but you need to set this up under Configuration\Server options, section Eventlog scanning. Your Lansweeper database should be running on SQL Server Express or higher edition. After enabling scanning of Success Audit and Failure audit events you are able to create reports on specific event IDs or use the Event filter widget on your Dashboard to display the events.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- I CANNOT SEE MY NETWORK SOFTWARE INFORMATION. in General Discussions
- Who else is having issues with GCC High and Microsoft Graph connections in General Discussions
- BIOS Version Audit report for Microsoft Windows, Linux , VMware ESXi in Reports & Analytics
- Global Credentials in General Discussions
- Scan data updated in asset screen but not in report in General Discussions
