Kaseya Community

Security log - object access

  • Hi All,

    I have a customer who wants to monitor access of certain files. I want to investigate if we can do this using kaseya.

    I set up auditing on the direcotry that needs to be monitored and that gives me the good event of 562 in the security log. I can set up monitoring for that event but then what?

    The clients wanst to know if anybody else then "admin1" "admin2" has opened a file. So i need to have a script that will check the security log for "what user accesed the file" and if it's not an "admin" then write date-time-file-username to a log.

    Has anybody set up a simular situation?

    Thanks in advance.

    Best regards

    Hans den Boer

    Legacy Forum Name: Security log - object access,
    Legacy Posted By Username: Hans den Boer
  • I would use get file to grab the log on a regular basis then email who ever when it detects a change.

    You could also set up a log parcer to check it... (probably the better option but a bit more difficult to do)

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: thirteentwenty
  • thanks for your reply

    What log? the windows security log? that's not a readable textfile if you ask me, can you explain what you mean?

    we use the log parser for quite some things so that should not be a problem

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Hans den Boer
  • you can use the dir command with a few switches to find out when a file was accessed there are other tools out there that will allow for more data to be collected.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: thirteentwenty