Using the server log monitoring software, server log analysis tool software to teach you how to view the server log? _ Server Other

Source: Internet
Author: User
Tags dedicated server

Many corporate LANs now have their own file servers for storing or sharing files for use by local area network users. However, in the process of setting up shared file access, it is common for shared files to be randomly copied, modified, or even deleted, which makes the security management of shared files face a greater risk. How can you make it possible for users to access shared files and prevent improper operation of shared files? I think that can be achieved through the following two ways:

Method One, through the Windows Server with the "File Audit feature" to record the server file access log, view the server file action log.

A user asks if the shared binder access on the file server can be monitored, such as monitoring and auditing file deletions and modifications, and tracking the people who mistakenly delete and mistakenly modify. There are a lot of third-party software to achieve such a function, in fact, Microsoft's Windows Server itself has the audit function to meet similar requirements, but compared to Third-party software, the Windows Server itself the file audit function can only record all audit log to the event log, Querying and positioning for post audit events is cumbersome, because the event log data becomes very large once the auditing feature is enabled. The following are steps to enable the Windows File Server auditing feature:

"Audit Policy" for Windows Server:

First, enable Audit object access

1. Log on to the file server with an account with administrator privileges.

2. Ensure that the Group Policy snap-in is installed.

3. Click Start, point to Settings, and then click Control Panel.

4. Double-click the Management tool.

5. Double-click Local Security policy to start the local security settings MMC snap-in.

6. Double-click the local policy to expand it, and then double-click the Audit policy.

7. In the right pane, double-click Audit object access.

8. Click Options: Audit successful attempts and audit failed attempts.

Note: If you are a member of a domain and you have defined a domain-level policy, the domain-level setting overrides the local policy setting.

Ii. setting up Windows file or folder auditing

1. Start Windows Explorer (click Start, point to Programs, attachments, and then click Windows Explorer), and then locate the file or folder that you want to audit.

2. Right-click the file or folder, click Properties, and then click the Security tab.

3. Click Advanced, and then click the Auditing tab.

4. Click Add. In the Name box, type the name of the user you want to audit.

5. Click OK to automatically open the Audit Entry dialog box.

6. Depending on the type of access you want to audit, click Success, failure, or success and failure under access.

7. If you want to prevent files and subfolders in the tree from inheriting these auditing entries, click to select the Apply these auditing entries check box.

Use Windows security log to view auditing

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click the Administration Tool, and then double-click Computer Management.

3. Expand the System Tools, and then expand the Event Viewer.

4. Click the Security log.

Methods second, the use of special server file access logging software, server file management system to record the local area network users of the shared file access operations.

Given that there are some deficiencies in the Windows Server file auditing feature that do not meet the requirements of some users for fine-grained analysis of shared file access logs, it is possible to consider deploying a set of dedicated server-shared file logging software to detail the various operational behaviors of LAN users to server files. For example, there is a "trend to LAN shared file management software" (Download address: http://www.grabsun.com/ gongxiangwenjianshenji.html), only in the shared files of the server after the deployment, you can detailed records of LAN users of the various operations of shared files, detailed records of shared files open, copy, modify, delete, cut and rename, and other operational behavior, And also can record the visitor's IP address, MAC address, host name and domain account information and so on, fully protects the server to share the file security. At the same time, you can greatly protect your shared files by simply modifying shared files and preventing shared files from being deleted, allowing you to only read shared files and prevent replication of shared files from being copied, allowing you to only view shared files and block shared files from being saved as local. As shown in the following illustration:

Figure: Add a shared file to a monitoring path to fully record the various logs that Access shared files

Figure: Detailed recording of various actions on shared files

In short, whether it is through the operating system itself with the "File Audit" feature, or the use of Third-party servers to share file access logging software, you can achieve access to the shared files, but only relative to the operating system's file audit records function, A dedicated shared file audit provides more detailed shared file access logging to better protect the security of shared files.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.