Begin monitoring and auditing all access events on your files and folders

This tutorial shows how to start monitoring and auditing all access events generated on each chosen Windows Server. FileAudit automatically records all events into a centralized queryable SQL Server database.

Introduction

Hi everyone, welcome to the FileAudit Tutorial. In this video we're going to look at how to define the path to monitor in FileAudit.

Explanation

Defining a folder or a share path to audit is exactly the same process as defining a file path. We will run through the folder definition here. To define a folder to audit, click the “Add a folder” tile in the FileAudit hub.

Folder selection

You can type the path of the folder or share you want to audit directly and validate it by pressing Enter. Alternatively, open the browser by clicking the button located on the left side of the path field. Select your target folder and validate it.

FileAudit path wizard

The FileAudit path wizard will then pop up to guide you through the audit configuration process. This wizard highlights any missing requirements or settings in the audit configuration for the selected folder. Click “Next” to go through the different steps.

Enable the object access audit

For each necessary action you have the choice of completing it automatically or manually. We strongly recommend using the FileAudit automatic configuration for all audit settings. FileAudit requires the NTFS access audit, and it will enable it for you on the target machine hosting the folder. Make sure that no GPO is set to keep this local policy disabled on the file server. Click “Next”.

NTFS audit settings

FileAudit will define and optimize the NTFS audit settings for this folder. Continue to the next step.
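
To confirm by hand what the two steps above configure, the following added example (not part of FileAudit or of the original tutorial) checks the effective "File System" object access audit policy and the audit entries (SACL) on a folder. The folder path and the -RefreshPolicy switch are assumptions made for illustration, and the setting values assume English-language auditpol output.

```powershell
# Added example: run in an elevated PowerShell session on the file server
# that hosts the audited folder.
param(
    [string]$Path = 'D:\Shares\Finance',   # hypothetical folder; replace with the audited path
    [switch]$RefreshPolicy                 # hypothetical switch: re-apply Group Policy before checking
)

if ($RefreshPolicy) {
    # Re-apply computer policy first, so that a GPO which turns the audit
    # policy back off shows up in the result below.
    gpupdate /target:computer /force | Out-Null
}

# GUID of the "File System" subcategory under Object Access. Using the GUID
# avoids depending on the localized subcategory name.
$fileSystemGuid = '{0CCE921D-69AE-11D9-BED3-505054503030}'

# /r returns CSV; the "Inclusion Setting" column holds the effective setting.
$policy = auditpol /get "/subcategory:$fileSystemGuid" /r |
    Where-Object { $_ } |
    ConvertFrom-Csv
$setting = $policy.'Inclusion Setting'

if ($setting -eq 'No Auditing') {
    Write-Warning 'File System auditing is disabled: no access events will be logged for any folder on this server.'
} else {
    Write-Output "Effective File System audit policy: $setting"
}

# Read the folder's SACL. The -Audit switch needs an elevated session
# (the "Manage auditing and security log" privilege).
$auditRules = (Get-Acl -Path $Path -Audit).Audit

if (-not $auditRules) {
    Write-Warning "No audit entries are defined on $Path, so access to it is not recorded even when the policy is enabled."
} else {
    # Each rule says whose access is audited, for which rights, and whether
    # successes, failures or both are logged.
    $auditRules |
        Select-Object IdentityReference, FileSystemRights, AuditFlags, IsInherited |
        Format-Table -AutoSize
}
```

If the policy reads "No Auditing" again after a refresh, a Group Policy setting is overriding the local policy and has to be changed at the GPO level.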

FileAudit License

As this is the first path configured for this file server, we need to register it as a licensed server.

Real-time event monitoring

To finish, enable the real-time event monitoring to constantly monitor the access events generated on this server.

Wizard complete

The folder you have selected is now monitored by FileAudit. From now on, all access events are stored in the database. From here, you can also define an alert for this folder or add another folder path to monitor. Click on the back arrow to go back to the FileAudit hub.

Audit configuration tile

Every path you define in FileAudit is listed in the “Audit configuration” section. You can see all their attributes at a glance. You can also add a folder or file from this section, check the audit configuration, delete a monitored path and manage the current audited machines.

Next video

Let's go back to the FileAudit hub and, in the next tutorial, look at the 'File Access Viewer'.