Events recorded in Security log but not in WD (Read 4406 times)
SimonDMZ
Events recorded in Security log but not in WD
Nov 27th, 2005 at 4:41am
 
I have set up WatchDirectory on a W2K domain server. Local Security settings (as initially set up in Global) show Audit Object Access as Success and Effective Setting as Success. On creating a file or a folder in the monitored directory, many event logs are written about the creation in the Security log. However, although watchDirectory reports in the column ‘Last Message’ about (say) the file created by its filename, the message says “No auditing info found for file/directory e:\private\new text document.txt”.  And no report is written in the designated report folder.

Any help would be appreciated!
Gert
The Netherlands
Re: Events recorded in Security log but not in WD
Reply #1 - Nov 27th, 2005 at 6:36am
 
Is this E:\Private folder on the same computer as where watchDirectory is running? I mean: really connected to that computer? If E: is a mapped drive of some kind, you need to monitor it using its UNC name (\\Server\share on http://www.watchdirectory.net/wdhelp/help/wdnewconfigpage0.html ) and enter the "local directory" on the "who did it" panel ( http://www.watchdirectory.net/wdhelp/plugins/wdopAuditInfo.html ).

Also make sure you have properly set up the auditing entries for the specific directory (e:\Private - http://www.watchdirectory.net/wdhelp/plugins/wdopAuditInfoConf.html ).

Gert
Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
SimonDMZ
Re: Events recorded in Security log but not in WD
Reply #2 - Nov 28th, 2005 at 11:58am
 
Thanks for coming back to me so quickly Gert.

E:\ is a physical drive and the directory Private is one of the shared directories that I would like to monitor. The auditing setup is exactly as you document.

I enclose an image of three screenshots to illustrate:- (a) the Local Security Setting ‘audit object access’ entry; (b) the error message in the WD control when I add a test sound wave to the folder and (c) is the log of the addition of that file in the Security Event log.

So by the fact that it is logging and that it says in the Security Settings that the effective setting is enabled, indicates that it is correctly configured. Yes?

Could I have overlooked something?

Regards, Simon
Gert
Re: Events recorded in Security log but not in WD
Reply #3 - Nov 28th, 2005 at 4:20pm
 
Your screenshot doesn't show if you also enabled auditing for the directory itself:
...
The above are my settings for a local folder (d:\auditmeforfilesanddirs).

Gert
SimonDMZ
Re: Events recorded in Security log but not in WD
Reply #4 - Nov 28th, 2005 at 5:42pm
 
That's pretty much how I am set up. See enclosed Screen Shot.
Regards, Simon
Gert
Re: Events recorded in Security log but not in WD
Reply #5 - Nov 28th, 2005 at 5:53pm
 
Yup, I guess that should do it.

Can you email me
C:\Documents and Settings\All Users\Application Data\watchDirectory\YOURTASKNAME.config
(replacing YOURTASKNAME with the name you gave this task)
so I can review your settings.

Gert
SimonDMZ
Re: Events recorded in Security log but not in WD
Reply #6 - Dec 2nd, 2005 at 11:11am
 
Thanks Gert, your fix resolved the issue!

Here’s a synopsis of what happened:-

The Security Event log showed that the folder audit properties were set correctly as events were being created and logged every time a file/folder was added or deleted.  However, the watchDirectory Control Center reported (in this case, when adding a new file ‘New Wave Sound.wav’ to the directory Private) that “No auditing info found for file/directory e:\private\new wave sound.wav”

The config file Gert requested was set up correctly. However, the Event Properties screen posted above showed something different from the normal. The E:\ drive and the folder being monitored was not being represented as E:\Private but as \Device\HarddiskDm\Volumes|PhysicalDmVolumes\BlockVolume1\Private\

The config file was amended in Notepad and the line  
remotedir=  
was changed to
remotedir=\Device\HarddiskDm\Volumes|PhysicalDmVolumes\BlockVolume1\Private\

And all goes well.  The directory and the many sub-directories are all being monitored.

The E:\ drive is a mirrored set (Dynamic Disk) and W2K had created a different drive mapping reference which the setup GUI (as yet!) doesn’t recognise.

The program is excellent. Task History shows in-depth clear detail. Thanks for your support and all your hard work Gert! Highly recommended.
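
Added example (not part of the thread, and not watchDirectory's own code): the mismatch the last post describes, where the Security log names the file by NT device path while the task watches E:\Private, worked through in Python. The function names and the C: entry are assumptions made for illustration; the E: device path is copied as quoted in the post.

```python
import sys

# E: device path is copied as quoted in the last post; the C: entry is constructed.
SAMPLE_DEVICE_MAP = {
    "C:": r"\Device\HarddiskVolume1",
    "E:": r"\Device\HarddiskDm\Volumes|PhysicalDmVolumes\BlockVolume1",
}

def query_device_map():
    """Drive letter -> NT device name. Uses QueryDosDeviceW on Windows,
    falls back to the sample map elsewhere so the example runs offline."""
    if sys.platform != "win32":
        return dict(SAMPLE_DEVICE_MAP)
    import ctypes
    import string
    buf = ctypes.create_unicode_buffer(1024)
    found = {}
    for letter in string.ascii_uppercase:
        drive = letter + ":"
        if ctypes.windll.kernel32.QueryDosDeviceW(drive, buf, len(buf)):
            found[drive] = buf.value  # first entry of the returned multi-string
    return found

def to_drive_path(object_name, device_map):
    """Translate a Security-log Object Name in NT device form to a drive-letter
    path. Returns None when no known device prefix matches."""
    lowered = object_name.lower()
    for drive, device in device_map.items():
        prefix = device.rstrip("\\").lower()
        # Require a separator after the prefix so ...Volume1 never matches ...Volume10.
        if lowered == prefix or lowered.startswith(prefix + "\\"):
            return drive + object_name[len(prefix):]
    return None

def same_file(object_name, watched_path, device_map):
    """True when the audited object and the watched path name the same file."""
    if object_name[1:2] == ":":          # already in drive-letter form
        translated = object_name
    else:
        translated = to_drive_path(object_name, device_map)
    return translated is not None and translated.lower() == watched_path.lower()

def remotedir_for(watched_dir, device_map):
    """NT device form of a watched directory, i.e. the kind of value the
    thread's fix entered on the remotedir= line."""
    drive, rest = watched_dir[:2].upper(), watched_dir[2:]
    return device_map[drive].rstrip("\\") + rest.rstrip("\\") + "\\"
```

On the affected server, `remotedir_for(r"E:\Private", query_device_map())` gives the device-form directory to compare against the Object Name shown in the Security event.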