monitor access to docs on IIS
am 29.06.2006 16:41:20 von Wes
I have an automated job on an IIS 4&5 server that generates .pdf
reports to users directories. The users each have seperate unique
logins to their respective directories. The users logins ARE NOT
Windows domain accounts. The user accounts are assigned through a
proprietary application that also generates the reports. I need to be
able to audit/monitor when a user logs in and views thier reports.
Other than typical Windows server object access monitoring in the
security logs is there a way to capture when the pdf file was opened?
Also can I log either the computer name of the PC accessing or the IP
of the computer accessing the documents?
thanks for reading and I appreciate any info anyone can provide
Re: monitor access to docs on IIS
am 30.06.2006 05:50:15 von Steve Schofield
Here are a couple of ideas. You could build custom logging into the
application to write the user name and document access to the Windows Event
log or a custom log file / database. The other option I believe would work
is turn on 'auditing' for 'authenticated users' on the files / folders you
want to track. When a file is accessed it will be logged in the normal
Windows event log. You could use Event Comb to query the logs. Another
tool to query the logs is called Log Parser.
http://www.microsoft.com/technet/security/topics/auditingand monitoring/securitymonitoring/smpgch02.mspx
or http://www.logparser.com Hope that helps.
--
Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP
http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support
"WES" wrote in message
news:1151592080.902848.100960@j72g2000cwa.googlegroups.com.. .
>I have an automated job on an IIS 4&5 server that generates .pdf
> reports to users directories. The users each have seperate unique
> logins to their respective directories. The users logins ARE NOT
> Windows domain accounts. The user accounts are assigned through a
> proprietary application that also generates the reports. I need to be
> able to audit/monitor when a user logs in and views thier reports.
> Other than typical Windows server object access monitoring in the
> security logs is there a way to capture when the pdf file was opened?
> Also can I log either the computer name of the PC accessing or the IP
> of the computer accessing the documents?
>
> thanks for reading and I appreciate any info anyone can provide
>
Re: monitor access to docs on IIS
am 30.06.2006 05:50:15 von Steve Schofield
Here are a couple of ideas. You could build custom logging into the
application to write the user name and document access to the Windows Event
log or a custom log file / database. The other option I believe would work
is turn on 'auditing' for 'authenticated users' on the files / folders you
want to track. When a file is accessed it will be logged in the normal
Windows event log. You could use Event Comb to query the logs. Another
tool to query the logs is called Log Parser.
http://www.microsoft.com/technet/security/topics/auditingand monitoring/securitymonitoring/smpgch02.mspx
or http://www.logparser.com Hope that helps.
--
Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP
http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support
"WES" wrote in message
news:1151592080.902848.100960@j72g2000cwa.googlegroups.com.. .
>I have an automated job on an IIS 4&5 server that generates .pdf
> reports to users directories. The users each have seperate unique
> logins to their respective directories. The users logins ARE NOT
> Windows domain accounts. The user accounts are assigned through a
> proprietary application that also generates the reports. I need to be
> able to audit/monitor when a user logs in and views thier reports.
> Other than typical Windows server object access monitoring in the
> security logs is there a way to capture when the pdf file was opened?
> Also can I log either the computer name of the PC accessing or the IP
> of the computer accessing the documents?
>
> thanks for reading and I appreciate any info anyone can provide
>