Many companies use shared directories or files to allow different users to access the information and if necessary modify them.
When I am on customer site implementing new NetEye projects, it happens very often that there is the need to monitor the accesses on these shared files.
To satisfy this requirement it is necessary to enable the “Audit Object Access” in the group policy of the domain or of the machine itself.
Based on the different configurations, in fact, all the activities (listen, read or write) performed on these files can be monitored.
The results can later be viewed in the Event Viewer of NetEye and in particular all the logs are stored in the security container. In addition, by identifying the event id it is also possible to configure the Agent Safed that collects and send these logs to the NetEye syslog server that archives and indexes them.
I started my professional career as a system administrator.
Over the years, my area of responsibility changed from administrative work to the architectural planning of systems.
During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye.
In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.
Author
Tobias Goller
I started my professional career as a system administrator.
Over the years, my area of responsibility changed from administrative work to the architectural planning of systems.
During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye.
In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.
Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is Read More
Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You're probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I've talked Read More
OpenShift already has a built-in monitoring suite with Prometheus, Grafana, and Alertmanager. This is all well and good, but what if organizations want to monitor their entire infrastructure, integrating all monitoring results under one umbrella? In this case, it's necessary Read More
Hey everyone! As you may remember, we took a look in the past at how it's possible to use a model (trained directly in Elasticsearch) to perform some real time classification by using an ingest pipeline. But... what if we Read More
Scenario GLPI is integrated into NetEye and provides powerful asset management solutions. Usually GLPI agents are deployed on servers and clients: this way an up-to-date asset inventory is kept within NetEye. The GLPI package also provides a tool able to Read More
Hi Tobias, I’m working on this solution but unfortunately Syslog View doesn’t send notifications.
Of course, it’s a really good repository to store audit events.
I’m trying a different way like enabling snmp trap on the server and manage the “Audit Object Access” with Trap Handler module in NetEye.
It works quite good!