|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
monitor access to docs on IISI have an automated job on an IIS 4&5 server that generates .pdf
reports to users directories. The users each have seperate unique logins to their respective directories. The users logins ARE NOT Windows domain accounts. The user accounts are assigned through a proprietary application that also generates the reports. I need to be able to audit/monitor when a user logs in and views thier reports. Other than typical Windows server object access monitoring in the security logs is there a way to capture when the pdf file was opened? Also can I log either the computer name of the PC accessing or the IP of the computer accessing the documents? thanks for reading and I appreciate any info anyone can provide Here are a couple of ideas. You could build custom logging into the
application to write the user name and document access to the Windows Event log or a custom log file / database. The other option I believe would work is turn on 'auditing' for 'authenticated users' on the files / folders you want to track. When a file is accessed it will be logged in the normal Windows event log. You could use Event Comb to query the logs. Another tool to query the logs is called Log Parser. http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/smpgch02.mspx or http://www.logparser.com Hope that helps. -- Show quoteHide quoteSteve Schofield Windows Server MVP - IIS ASPInsider Member - MCP http://www.orcsweb.com/ Managed Complex Hosting #1 in Service and Support "WES" <tampawayn***@yahoo.com> wrote in message news:1151592080.902848.100960@j72g2000cwa.googlegroups.com... >I have an automated job on an IIS 4&5 server that generates .pdf > reports to users directories. The users each have seperate unique > logins to their respective directories. The users logins ARE NOT > Windows domain accounts. The user accounts are assigned through a > proprietary application that also generates the reports. I need to be > able to audit/monitor when a user logs in and views thier reports. > Other than typical Windows server object access monitoring in the > security logs is there a way to capture when the pdf file was opened? > Also can I log either the computer name of the PC accessing or the IP > of the computer accessing the documents? > > thanks for reading and I appreciate any info anyone can provide > 
Other interesting topics
Is there a way to avoid/security alert box from redirecting to HTTP to HTTPS?
Can Somone Tell Me If We Have a Hacker? A little help (kerberos, netbios, and SPN... oh my!) login problem with iis and webdav. security error in IIS logs (401.2 error) Keeping a particular intruder out The IIS service does not seem to be serving up .asmx or .asp pages Filtering Query String New HTTPS web site and certificate installation file security/authentication |
|||||||||||||||||||||||
