I feel like this is going to be one of those blindingly simple/obvious questions - but I gotta ask anyhow.
In the last year or so, we've deployed a Document Management System (iManage by Autonomy) - and we're working to steer users to stop using network drives for their work as a result.
I setup an audit policy to log successful writes to the drive we're currently watching - but I'm finding that going through a Security Event Log line by line is tedious - and doesn't really give me the information I need in any sort of really useable format (plus, I have a "service account" or two I'd like to filter out of the existing results, as it's the #1 user of the network drive at the moment.
My goal would be to get a fairly quick look at:
- Who's using the drive
- What file(s) are they touching
- Are they viewing? Writing? Deleting?
Pretty basic stuff.
If I want to search for a given user, that isn't so bad - but I need to get the aggregate data to be in a format I can drop off on my Boss's desk.
Are there third part tool to help with this? What do people like? Any FREE services?