Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Additional LEM Configuration and Troubleshooting Information > Monitor important Windows files, folders, and registry keys with LEM

Monitor important Windows files, folders, and registry keys with LEM

Table of contents
No headers
To monitor sensitive files and folders on a Windows computer, enable file auditing. You can configure file auditing to log an event any time a user accesses, modifies, or deletes an audited file. For best results only audit the specific files and folders that you want to monitor. Enabling auditing on unimportant files and folders creates an unnecessary burden on your LEM appliance. 
 

Please note that FIM does not support the monitoring of network shares. Only local drives are supported.


There are two ways to enable file auditing in Windows: Method one uses LEM File Integrity Monitoring (FIM). Method two uses native Windows auditing. Both methods require that you have the LEM Agent installed on the Windows instance that you are monitoring. To audit files, SolarWinds recommends that you enable auditing on a file server. You can also enable auditing on client machines if needed, however. 

To get started, choose one of the following methods (but not both).
 

Method 1

  1. Open the LEM Console and choose Manage > Nodes.
  2. Click next to an agent whose files you want to monitor, then select Connectors.
  3. Search for File Integrity Monitoring (FIM) in the Refine Results pane. 
  4. Click next to the connector, then select New to create a new FIM connector for this agent. 
  5. You can choose a predefined template from the Monitor Templates pane, or create a custom monitor by performing the following steps:
    1. Click Add Custom Monitor in the Selected Monitors pane.
    2. Assign a name and description (optional).
    3. Click Add New Button.
    4. Click Browse to search for the directory that you want to monitor, then click OK.
    5. Specify which kind of files you want to monitor in the with mask field.
    6. Select the operations that you want to monitor, then click Save.
    7. Repeat steps a through f for every directory or file type that you want to monitor.
    8. Click Save.

    The new monitor appears in the Selected Monitors pane.

You have the option to promote this custom monitor to a template.

You can create a Connector Profile under Build > Groups to allow a common group of connector configurations for agents that will be placed under this profile.
 

Method 2

If you do not want to use File Integrity Monitor (FIM), enable native Windows auditing using the following steps. If Windows is logging the events and your server has a LEM Agent installed on it, your LEM Console will start displaying the new file auditing alerts immediately.

  1. Locate the file or folder that you want to audit in Windows Explorer.
  2. Right-click the file or folder, and then click Properties.
  3. Click the Security tab, and then click Advanced.
  4. Click the Auditing tab.
  5. If you are using Windows Server 2008, click Edit.
  6. Click Add.
  7. For the selected file or folder, enter the name of a user or group that you want to audit.
    For example, enter Everyone.
  8. Click Check Names to validate your entry, and then click OK.
  9. Select Success and Failure next to full control to audit everything for the selected file or folder.
  10. (Optional) Clear Success and Failure for unwanted events, such as:
    • Read attributes
    • Read extended attributes
    • Write extended attributes
    • Read permissions
  11. Click OK in each window until you are back at the Windows Explorer window.
  12. Repeat these steps for all of the files or folders that you want to audit.
 

 

Last modified
10:20, 27 Sep 2017

Tags

Classifications

Public