This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Audit Folder/File access

Go to solution
Cillié_Truter
Engaged Sweeper

‎09-22-2015 11:14 AM

Hi

If Auditing is enabled on a file server for a folder. Is there any information regarding these events pulled into lansweeper and what script would you use to pull a report with this information?

CT
Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
Daniel_B
Lansweeper Alumni

‎09-23-2015 12:45 PM

Lansweeper is able to scan Security event log entries, but you need to set this up under Configuration\Server options, section Eventlog scanning. Your Lansweeper database should be running on SQL Server Express or higher edition. After enabling scanning of Success Audit and Failure audit events you are able to create reports on specific event IDs or use the Event filter widget on your Dashboard to display the events.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.

View solution in original post

4 REPLIES 4
Go to solution
Cillié_Truter
Engaged Sweeper

‎09-30-2015 05:36 PM

Thank you very much Daniel!
0 Kudos
Go to solution
Daniel_B
Lansweeper Alumni

‎09-28-2015 10:27 AM

You might give the following a try. After enabling object access auditing on computers in your network and scanning of Success audit and Failure events in your Lansweeper installation, this report lists events related to object access.

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.IPAddress,
  tsysOS.OSname,
  tsysOS.Image As icon,
  tblNtlog.Eventcode,
  tblNtlog.TimeGenerated,
  tblNtlogFile.Logfile,
  tblNtlogSource.Sourcename,
  tblNtlogMessage.Message
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
  Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
  Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
    tblNtlog.SourcenameID
  Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Where tblNtlog.Eventcode In (4656, 4658, 4660, 4663, 4685, 4985) And
  tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
Go to solution
Cillié_Truter
Engaged Sweeper

‎09-24-2015 06:20 PM

Hi Daniel

Thank you for this information.
Could you give me a report script I can use to show this information to start with?

Thank you in advance.
0 Kudos
Go to solution
Daniel_B
Lansweeper Alumni

‎09-23-2015 12:45 PM

Lansweeper is able to scan Security event log entries, but you need to set this up under Configuration\Server options, section Eventlog scanning. Your Lansweeper database should be running on SQL Server Express or higher edition. After enabling scanning of Success Audit and Failure audit events you are able to create reports on specific event IDs or use the Event filter widget on your Dashboard to display the events.
You might consider setting up Scheduled eventlog scanning in order to rescan the eventlog on specific machines with a shorter interval.
More details on eventlog scanning for non-error events can be found in this KB article.

Reports & Analytics

Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
li.common.scroll-to.top