Go Up
You are here: AdministrationMonitoring PlansManage Data SourcesFile Servers

File Servers

Complete the following fields:

Option Description

Monitor this data source and collect activity data

Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data.

Specify actions for monitoring

Specify actions you want to track and auditing mode. Review the following for additional information:

Changes
Successful Use this option to track changes to your data. Helps find out who made changes to your files, including their creation and deletion.
Failed Use this option to detect suspicious activity on your file server. Helps identify potential intruders who tried to modify or delete files, etc., but failed to do it.
Read access

Successful

Use this option to supervise access to files containing confidential data intended for privileged users. Helps identify who accessed important files besides your trusted users.

NOTE: Enabling this option on public shares will result in high number of events generated on your file server and the amount of data written to the AuditArchive.

Failed

Use this option to track suspicious activity. Helps find out who was trying to access your private data without proper justification.

NOTE: Enabling this option on public shares will result in high number of events generated on your file server and the amount of data written to the AuditArchive.

NOTE: Actions reported by Netwrix Auditor vary depending on the file server type and the audited object (file, folder, or share). The changes include creation, modification, deletion, moving, etc. To track the copy action, enable successful read access and change auditing. See Monitored Object Types, Actions, and Attributes for more information.

Specify data collection method

You can enable network traffic compression. If enabled, a Compression Service will be automatically launched on the audited computer, collecting and prefiltering data. This significantly improves data transfer and minimizes the impact on the target computer performance.

Configure audit settings

You can adjust audit settings automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.

NOTE: This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.

Do not select the checkbox if you want to configure audit settings manually. For a full list of audit settings required to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.

Some settings cannot be configured automatically. Netwrix Auditor has the following limitations depending on your file server type.

File Server SACL Check SACL Adjust Policy Check Policy Adjust Log Check Log Adjust
Windows + + + + + +
EMC Celerra + + + +
EMC Isilon n/a n/a + n/a n/a
NetApp Data ONTAP 7 and 8 in 7-mode + + + + + +
NetApp Clustered Data ONTAP 8 and ONTAP 9 + + + +

Collect data for state-in-time reports

Configure Netwrix Auditor to store daily snapshots of your system configuration required for further state-in-time reports generation.

When auditing file servers, changes to effective access permissions can be tracked in addition to audit permissions. By default, Combination of file and share permissions is tracked. File permissions define who has access to local files and folders. Share permissions provide or deny access to the same resources over the network. The combination of both determines the final access permissions for a shared folder—the more restrictive permissions are applied. Upon selecting Combination of file and share permissions only the resultant set will be written to the Audit Database. Select File permissions option too if you want to see difference between permissions applied locally and the effective file and share permissions set. To disable auditing of effective access, select all checkboxes under Include details on effective permissions.

In the Manage historical snapshots section, select the snapshots that you want to import to the Audit Database to generate a report on the data source's state at the specific moment in the past. Move the selected snapshots to the Snapshots available for reporting list using the arrow button. You must be assigned the Global administrator or the Global reviewer role to import snapshots.

NOTE: The product updates the latest snapshot on the regular basis to keep users up to date on actual system state. Only the latest snapshot is available for reporting in Netwrix Auditor. If you want to generate reports based on different snapshots, you must import snapshots to the Audit Database.

Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. As a next step, click Add item to specify an object for monitoring. See Add Items for Monitoring for more information.

NOTE: Netwrix Auditor supports auditing of DFS and clustered file servers provided that Object Access Auditing is enabled on DFS file shares or every node belonging to the cluster correspondingly.

  • When adding a clustered file server for auditing, it is recommended to specify a Computer item and provide FQDN name.
  • When adding a DFS file share for auditing, specify a Windows file share item and provide the UNC path. For example: "\\domain\dfsnamespace\" (domain-based namespace) or "\\server\dfsnamespace\" (in case of stand-alone namespace).

Go Up