28. 08. 2012 Tobias Goller NetEye

File access monitor

Many companies use shared directories or files to allow different users to access the information and if necessary modify them.

When I am on customer site implementing new NetEye projects, it happens very often that there is the need to monitor the accesses on these shared files.

To satisfy this requirement it is necessary  to enable the “Audit Object Access” in the group policy of the domain or of the machine itself.
Based on the different configurations, in fact, all the activities (listen, read or write) performed on these files can be monitored.

The results can later be viewed in the Event Viewer of NetEye and in particular all the logs are stored in the security container. In addition, by identifying the event id it is also possible to configure the Agent Safed that collects and send these logs to the NetEye syslog server that archives and indexes them.

Tobias Goller

Tobias Goller

NetEye Solution Architect at Würth IT Italy
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth IT Italy, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Author

Tobias Goller

I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth IT Italy, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Latest posts by Tobias Goller

13. 10. 2025 Log-SIEM, Unified Monitoring
Elastic Defend: Experiences
18. 07. 2025 Automation, Cloud
Running SOS Berlin JobScheduler in Containers: A Step Toward Cloud-Native Scheduling
16. 04. 2025 NetEye, Unified Monitoring
Application Performance Monitoring in NetEye with Elastic APM and OpenTelemetry
20. 01. 2025 NetEye
Icinga Director Self Service API Not Working After Keycloak Activation
25. 10. 2024 Log-SIEM
Enhancing Cybersecurity with Elastic Defend: A Technical Consultant’s Perspective
See All

Related Content

Tags: , , , ,

28. 12. 2025 Automation, Business Service Monitoring, Icinga Web 2, NetEye, Service Management

Automating Notifications in NetEye

Today we continue our journey into monitoring automation in NetEye. In my previous post we discussed the possibility of automating Business Processes. As you may remember, for those of us working on NetEye Cloud monitoring dozens of clients, it's important Read More
24. 12. 2025 APM, Log-SIEM, Machine Learning, NetEye, Real User Experience

Root Cause Analysis with Elastic ML and Alyvix

When performance degradation occurs within a complex system, understanding the root cause can be extremely challenging. If the issue happens sporadically, this difficulty increases even more. This is because modern systems involve numerous components that interact in complex ways. For Read More
18. 12. 2025 Automation, Development, NetEye

From Patch to Package: How a Small Fix Becomes a Trusted RPM

At first glance, rebuilding an RPM may sound like a purely mechanical task: take a patch, rebuild the package, ship it. In reality, that small fix goes through a much longer journey that touches reliability, security, trust, and long-term maintainability. Read More
15. 12. 2025 Icinga Web 2, NetEye, Unified Monitoring

Monitoring Your NetApp S3 Object Storage

Introduction to NetApp and S3 NetApp offers a unified data storage system. NetApp's ONTAP operating system supports a combination of file, block, and object protocols. We can use common storage (disk array), such as NetApp AFF or FAS, and operate Read More
01. 12. 2025 NetEye, Unified Monitoring

Running the Icinga Agent as SYSTEM? No Thanks.

A safer way to run privileged Windows checks with SystemRunner If you’ve been monitoring Windows for a while, you’ve probably seen this pattern: some checks must run as LocalSystem (S-1-5-18), and the “quick fix” is to run the Icinga Agent Read More

One Reply to “File access monitor”

  1. Antonio Moletta says:
    August 29, 2012 at 07:24

    Hi Tobias, I’m working on this solution but unfortunately Syslog View doesn’t send notifications.

    Of course, it’s a really good repository to store audit events.

    I’m trying a different way like enabling snmp trap on the server and manage the “Audit Object Access” with Trap Handler module in NetEye.

    It works quite good!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive