Requirements
Operating systems
FileAudit supports the following operating systems for Audit service installation (as for Console installation):
- Windows 11
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows 10
- Windows Server 2012 R2
- Windows 8.1
- Windows Server 2012
- Windows 8
- Windows Server 2008 R2
- Windows 7
The .Net Framework 4 is required.
Take note that retrieving the IP address of the computer from which the access attempt has been performed through the network is supported for Windows 2008 R2 or higher File servers.
Hard disk
FileAudit installation files and folders require 60 MB of free hard disk space.
Additionally you have to consider the disk space consumed by the database to keep the file access events history: an access event audited by FileAudit consumes 0.5 KB of disk space when saved in the database. You can easily estimate the evolution of the database size by multiplying this value by the average number of access (known or observed during the test phase).
Database
FileAudit supports the following database systems:
- Microsoft Access database file (mdb)
- Microsoft SQL Server Express 2008/2008 R2/2012/2014/2016
- Microsoft SQL Server 2008 and newer
- MySQL 5.6 and higher
- SQLite
To facilitate FileAudit evaluation, the installation package integrates an "SQLite database" to archive all file access events.
We invite you to check the database size evolution during the first days using FileAudit to confirm that the database system you have chosen is correctly designed for your environment.
Take note:
-
An access event audited by FileAudit consumes 0.5 KB of disk space when saved in the database. You can easily estimate the evolution of the database size by multiplying this value by the average number of access (known or observed during the tests phase).
-
FileAudit provides some tools to manage the database size evolution.
Protocols & ports
FileAudit requires that these two protocols be authorized from the FileAudit service to the target audited systems:
- File and Printer Sharing for Microsoft Networks - SMB TCP 445
- ICMP - Ping
The Fileaudit service is configured by default as a "LocalSystem" account in order to scan the Microsoft Security logs of the local machine audited.
In the case of a remote machine audit, please note that this scan process requires at least local administrator privileges on the target machine, in which case you will need to add the appropriate account in the following section : Accounts
Please also ensure that 'Remote Event Log Management' (Windows 2008 and higher) is enabled in the Firewall Exceptions list.
The FileAudit console uses by default the TCP port 2000 to connect remotely to a FileAudit service. This specific port can be modified on the 'Service' settings.
When connecting FileAudit service to a remotely server, the Remote registry service must be enabled and started on the remotely audited system.
In the Windows Firewall, ensure that the "Remote Event Log Management" feature is allowed.
In case of Cloud Provider auditing TLS 1.2 is required.
Security log size
In order to allow FileAudit to properly scan the audit logs, ensure that the security log contains at least a half hour of data. To do this, we recommend setting the security log size at 250MB.
Display resolution
FileAudit requires a minimum resolution of 1024 x 768.
FileAudit has certain limitations in cluster environments. It can only work with failover clusters (active/passive nodes). When the node changes, FileAudit needs to reconfigure the correspondence between drives names and their logical names via a manual operation.
Advanced:
If you have a large amount of servers to audit (15+), please open a ticket with our support team with details of your environment to confirm if additional requirements are needed for an optimal installation.