I am currently setting up a file server with win2k8 server r2 (storage server) I was wondering is there something I can use to audit/log what happens?
For example
JSmith moved Folder1 to Root. JSmith created XYZ folder.
etc. Directory Monitor doesn't show users (which is important) http://www.deventerprise.net/Projects.aspx
Obviously something with low overhead would be awesome too.
Thanks in advance
If you are open to spending a little bit of money to get reports that are easily generated and easy to read, I highly recommend File System Auditor by Scriptlogic.
http://www.scriptlogic.com/products/filesystemauditor/
This software lets you create custom reports showing any activity in any folder, by any user, and any type of event. It is orders of magnitude easier to read and use than the default auditing built into Windows Server. I use it on my file server which is running Server 2003 but I am sure it will run great on 2008 as well.
You can enable auditing on Windows Server and use Logparser to parse the logs to suit your needs. Logparser is a free tool from Microsoft. It allows you to parse *.evt logs to any format you like (fixed column length, csv, txt, graphs etc.). The SQL like syntax is very flexible in extracting the relevant information.
You need to turn on Auditing on. Check the following link for a an explanation of how to enable auditing and track what is happening. Overhead should not be an issue if properly set up, ; ex add only certain users in the audit versus everyone.
http://www.intelliadmin.com/index.php/2008/03/use-auditing-to-track-who-deleted-your-files/
for nice reporting use http://www.eventlogxp.com/
Hope this helps!
This might be what you are looking for: Win Server 2008
This solution involves turning on Windows Server built in Audit policy for files and folders.
Excerpt:"To enable file and folder auditing for a single server, select Start -> All Programs -> Administrative Tools -> Local Security Policy"