File access auditing


Published on

PA File Sight 4.1
PA File Sight will help you determine who is reading from and writing to important files. It can tell you when a new file or folder is created or renamed. And, when a file or folder gets deleted, PA File Sight can tell you who did it. Plus, you can often find out what program was used to perform the action.

Published in: Technology, Design
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

File access auditing

  1. 1. File access auditing... ...without the painPA File Sight 4.1PA File Sight will help you determine who is reading from and writing to important files. It cantell you when a new file or folder is created or renamed. And, when a file or folder gets deleted,PA File Sight can tell you who did it. Plus, you can often find out what program was used toperform the action.Besides file access auditing and logging actions, the Ultra Edition helps you further by providinghistorical reports to help see what happened the earlier, whether you chose to be notified or not.AND it lets you alert on user usage patterns (reading X files in Y time for example) to helpdetect file copying activity.
  2. 2. File Auditing FeaturesMonitor: • All files or just a subset • File and folder creation, deletion, access (reads), changes (writes) • File and folder permission changes • Successful actions and well as failures • Real-time monitoring that does not require enabling system audit eventsAlert Details: • Date and time of action • Target file and folder • User account, including domain • Activity that was done to the fileNotification Responses: • Email message • SMS text message • SNPP pager, etc.
  3. 3. • Record to a log file • Run a program • Write to a database for later reports (Ultra only) • Reports in text, HTML, .CSV or PDF formats Remote MonitoringRemote MonitoringMonitoring remote servers, even across the firewalls and the InternetSNAP TunnelsSafely send data to remote networks using SNAP TunnelsRemote SupportSecurely connect to monitored servers with Remote Desktop even through firewalls and acrossthe Internet with PA File Sight Monitors File Sight MonitorThe File Sight monitor watches real time file access by users and programs. You can configurewhich files it watches, and how you are notified when a particular operation (file read, write,delete, etc) occurs.The Ultra version also lets you:* Record the file access operations to a database for reporting (by user, by file, by operation,etc)* Alert on user usage patterns (ie user reads X amount of data in Y timeNOTE: This monitor can ONLY monitor drives on the local computer. Watching files onremote computers requires that the PA File Sight service (or a Satellite) be installed on theremote computers. Call URLThis action will call a URL you specify, optionally posting information about the current alert.This makes it easy to connect to a helpdesk/ticketing system.
  4. 4. Dial-Up ConnectionConnects or disconnects a Windows Dial-up Connection. Typically this is for servers that arenot on the Internet, but need to connect to send alerts. E-mail AlertSends SMTP email messages to mail boxes, cell phones, mobile devices, etc. The E-mail actionhas Alert Digests which are a powerful/friendly feature that combines multiple alerts thathappen within a short time into a single email notification. This can be very helpful whensomething goes really wrong. You can easily specify when messages should be sent orsuppressed. Execute ScriptSimilar to the Execute Script monitor, this Action lets you extend the list of available actions viayour own script written in VBScript. Many variables from the source monitor are also availablefor creating rich, situation-specific responses. Message BoxA simple message box that displays monitor findings. These message boxes are smart: if thereare many pending alerts you can easily dismiss them all at once. Monitor-Directed EmailThe monitor which detects a problem specifies the email address to use for each alert. This isvery useful when sending reminders and alerts to end users such as with the User Quota Monitorand the Directory Quota Monitor. Network Message (Net Send)Sends a message box containing the critical monitor details to every place that you are loggedin. Pager Alert via SNPPSend monitor results to pagers via standard Simple Network Paging Protocol (SNPP). You caneasily specify when messages should be sent or suppressed, and the content of the message. Phone Dialer (DTMF/SMS)Dials a modem/phone and optionally sends DTMF commands or other commands (to send SMSmessages for example). This is typically used by a disconnected server to send an alert over anormal phone line (where the CallerID identifies the server)
  5. 5. Play SoundAudible alert when monitors detect a problem with the server. Reboot ServerReboots the server if a monitor has detected a critical system failure. SMS Text MessageSend SMS text messages to your mobile device via your service providers SMS Internetgateway (SMPP server). You can control which information gets sent, as well as when messagesare allowed. SNMP TrapSends an SNMP Trap with details from the monitor firing the action Start ApplicationStarts a specified application when the monitor triggers actions Start ServiceSends control messages to the Windows Service Control Manager to start, stop or restart aspecified service. SyslogSends monitor alerts to a Syslog server on the network Write to Event LogWrites monitor details to the Windows Event Log. Write to Log FileLog the findings of any triggered monitor to a file. Separate files can be created for each day,week, month, etc.
  6. 6. Reporting FeaturesHTTP accessible reportsReports are generated in HTML and accessible from within the PA File Sight Consoleapplication, or from a web browserPassword ProtectionPassword protect web reports in PA File SightServer StatusEasily see at a glance the state of your server along with system statisticsGroup SummarySee a one line status indicator per server to see at a glance how the servers in your data centerare doing. Per-group status reports are also supported.All Errors ReportThe All Errors report show all recent errors on all monitors on all servers/devices within agroup. This is a good place to quickly get a detailed view of any problems happening on thenetwork.All Servers ReportThis report shows all of your servers in a group in a single page. Each server is a small box thatis color coded according to the status of the monitors on that server.Visual Status MapSee a graphical map that contains status indicators that show you at a glance how servers indifferent geographic regions are doing.Satellite StatusQuickly see the current status of an individual Satellite Monitoring Service.Satellite SummariesTwo reports that let you see the status of all of the Satellites at once.Ad Hoc ReportsGenerate reports on the fly to quickly see graphical trendsScheduled ReportsYou can create scheduled reports which will get created when you want them, and optionallyemail the report to a list of recipients. Scheduled report URLs are stable so you can add them toyour Favorites list to quickly and easily see the latest results.Group Settings
  7. 7. Group summary reports can be specified and controlled in a per-group way. In addition, groupreports can be automatically emailed to anyone that needs to keep track of the servers.System Activity LogQuickly see which monitors are running, how long they are taking, which actions are being firedand more. Other FeaturesAutomated Maintenance ScheduleWhile a computer is in maintenance mode, PA File Sight wont run monitors. It will turn itselfback on automatically after the maintenance window expires if you manually enteredmaintenance mode, or it can automatically enter and leave maintenance mode on a schedule.Bulk ConfigurationPerform changes of settings in actions, monitors, reports and scheduling for several servers atone time, or copy configuration settings to other servers.Configuration SecurityPassword protect the PA File Sight Console, and alert on changes that could affect monitoring.Database OptionsEasily point PA File Sight at the embedded SQLite database or use an external Microsoft SQLServer.Easy DeployPaste a list of servers or IP address from the local network into a list and let PA File Sightsilently deploy the Satellite Monitoring Service to those machines for you.Easy to Use and Configure"...hands down the most straight-forward, uncluttered and effective monitoring tool I have used"- A satisfied customerEmbedded HTTP ServerControl the HTTP port that PA File Sight uses, and optionally enable HTTPS (SSL)Error AuditingKeep track of which errors have been reviewed and acknowledged. Also a great way foradministrators to have an overview of any errors within their area of responsibility.External APISend basic configuration requests to the product via an HTTPS URL.Runs as a servicePA File Sight is composed of a console that you interact with, and a system service that is
  8. 8. started when the computer boots up and is always running in the background.Server GroupingGroup servers together in visual groups to help keep track of them. Group-based status reportsare also available.Simple BrandingEasily brand PA File Sight to have your name and graphics by simply dropping a couple of filesinto the installation directory. See BrandingSimple InstallationTakes less than 3 minutes to install and get a default installation customized for your system. 5/4/2012 X JAYANTA SEN Manager Business Administratio