Improved File Auditing Performance
Windows stores a great deal of information about what is happening on a given File System. It keeps information in the event logs for just about every action that happens to a file or folder.
File System Access Logs however provide too much data, get large quickly and can place overheads on the server slowing down performance.
By optimizing the native Microsoft audit, FileAudit takes advantage of this information and presents it in a useable format to find answers you need from audited access events.
Keeping only relevant Access Events
FileAudit optimizes the NTFS audit on folders and files to reduce the amount of generated events by 80% (compared to a basic NTFS audit configured to monitor all types of access for all users). FileAudit then keeps only the events that are relevant (approx. 30%) for inclusion in its centralized database.
During this process, no useful information is lost: only meaningless events are discarded.
Excluding additional Access Events
FileAudit also allows you to exclude certain events from the audited access events within its settings configuration.
Exclude specific files from being audited within a folder such as .exe files or exclude users from audit.
By filtering out program access events (such as backup tool, anti-virus or search engine) or files maching specific name masks (e.g. temporary files with *.tmp pattern) FileAudit stops your data becoming polluted and keeps the audit trail more meaningful.
An audit tool that discards meaningless events and keeps only the relevant access events for monitoring improves file auditing performance and scalability.
Real Time Monitoring places no unnecessary storage requirements on the Server
Unlike native Auditing which consumes significant resources on the file servers; real time monitoring means FileAudit collects information without impacting space, avoiding any performance problems.
Once a path is set to audit, all access events are detected, displayed and saved into a database in real time.