Re: Auditing folders by Roger
Roger
Wed Dec 21 19:48:13 CST 2005
Karl,
As we agree about the use(lessness) of excessive audit trails
(and likely also would about the performance hit), perhaps we
should join forces to attempt hammering some sense into the
heads of those dictating what constitutes regulatory compliance :)
Roger
"karl levinson, mvp" <levinson_k@despammed.com> wrote in message
news:OZJp67jBGHA.3580@TK2MSFTNGP11.phx.gbl...
> Agreed. And also, I'm not sure of the value of auditing successful file
> reads for all files. Those are going to fill up your logs, and are you
> ever going to use that information? I would use the Microsoft suggested
> auditing levels in their Windows Server 2003 Security guide at
> www.microsoft.com/technet/security [I think it mentions file auditing, I
> can't remember.] If you feel you really must have more auditing than
> that, you could consider syslogging your event logs to a syslog server
> that you can query, using something like SNARE or NTSYSLOG.
>
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:ObDgCzWBGHA.3928@tk2msftngp13.phx.gbl...
>> When you configure auditing you state what type of access and
>> by what principals. If you audit for a custom group that only
>> includes the accounts that you do want to generate audit records
>> then you would have what you are after.
>>
>> "troyboy" <troyboy@discussions.microsoft.com> wrote in message
>> news:E76F9D54-5F25-4A51-BC3F-A861065E9264@microsoft.com...
>>> Good morning everyone,
>>> I audit all of our folders using the built in feature in Server 2003.
>>> The
>>> problem is our event log files are huge by the end of the day because
>>> when
>>> Veritas runs the backup at night it logs every file it reads and opens
>>> in the
>>> event log. Does anyone know of a way to exclude programs or users from
>>> the
>>> auditing process?
>>> Thank you for your time.
>>>
>>
>>
>
>