File Servers
Complete the following fields:
Option | Description | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Monitor this data source and collect activity data |
Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data. |
|||||||||||||||||||||||||||||||||||||||||||||||||
Specify actions for monitoring |
NOTE: Actions reported by Netwrix Auditor vary depending on the file server type and the audited object (file, folder, or share). The changes include creation, modification, deletion, moving, etc. To track the copy action, enable successful read access and change auditing. |
|||||||||||||||||||||||||||||||||||||||||||||||||
Specify data collection method |
NOTE: To collect data from 32-bit operating systems, network traffic compression must be disabled. To collect data from Windows Failover Cluster, network traffic compression must be enabled. See File Servers for more information. |
|||||||||||||||||||||||||||||||||||||||||||||||||
Configure audit settings |
NOTE: This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.
Some settings cannot be configured automatically. Netwrix Auditor has the following limitations depending on your file server type.
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Collect data for state-in-time reports |
Configure Netwrix Auditor to store daily snapshots of your system configuration required for further state-in-time reports generation.See State–in–Time Reports for more information. When auditing file servers, changes to effective access permissions can be tracked in addition to audit permissions. By default, Combination of file and share permissions is tracked. File permissions define who has access to local files and folders. Share permissions provide or deny access to the same resources over the network. The combination of both determines the final access permissions for a shared folder—the more restrictive permissions are applied. Upon selecting Combination of file and share permissions only the resultant set will be written to the Audit Database. Select File permissions option too if you want to see difference between permissions applied locally and the effective file and share permissions set. To disable auditing of effective access, unselect all checkboxes under Include details on effective permissions. In the Manage historical snapshots section, you can click Manage and select the snapshots that you want to import to the Audit Database to generate a report on the data source's state at the specific moment in the past. NOTE: You must be assigned the Global administrator or the Global reviewer role to import snapshots. Move the selected snapshots to the Snapshots available for reporting list using the arrow button. NOTE: The product updates the latest snapshot on the regular basis to keep users up to date on actual system state. Only the latest snapshot is available for reporting in Netwrix Auditor. If you want to generate reports based on different snapshots, you must import snapshots to the Audit Database. |
Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. As a next step, click Add item to specify an object for monitoring. See Add Items for Monitoring for more information.
NOTE: Netwrix Auditor supports auditing of DFS and clustered file servers if Object Access Auditing is enabled on DFS file shares or on every cluster node.
- When adding a cluster file server for auditing, it is recommended to specify a server name of the Role server or a UNC path of the shared folder located on the Role server.
- When adding a DFS file share for auditing, specify a Windows file share item and provide the UNC path of the whole namespace or UNC path of the DFS link (folder). For example:
- "\\domain\dfsnamespace\" (domain-based namespace) or "\\server\dfsnamespace\" (in case of stand-alone namespace);
- "\\domain\dfsnamespace\link" (domain-based namespace) or "\\server\dfsnamespace\link" (in case of stand-alone namespace).
- For recommendations on configuring DFS replication, refer to this Knowledge Base article.