A closer look at LepideAuditor for File Server

Organizations host file servers to store critical data to and valuable information about its business, customers, and employees. Access to file servers is authorized only for a few trusted users, but if any of them turns out to be a malicious intruder, how can we detect and track his or her suspicious activities? The answer is file server configuration change auditing. But, this type of auditing using native tools is not sufficient: there is too much noise, and the format of events is unreadable.

LepideAuditor for File Server is a solution for auditing all Windows file servers and NetApp filers in your network. Like other Lepide products, it is easy to download, install, and use.

Key features:

• It shows both “before” and “after” values of every change, with detailed information on who has made what change, when, and from where.
• Auditing of all Windows file servers and NetApp filers can be performed on a common platform. Auditing logs of each file server can be stored separately in a SQL Server database.
• Long-term storage of logs with scheduled archiving of old logs on a weekly and monthly basis is available.
• It offers completely customizable auditing of file servers and NetApp filers. The software allows the administrator to create customizable object lists, user groups, audit rules, and audit policies, which can be applied separately on each file server.
• Upon detecting critical changes, the software sends instant alerts to the administrator and other recipients.
• It dispatches periodic audit reports on daily, weekly and monthly basis to keep you posted about different aspects like File and Folder Created, File and Folder Creation Failed, Successful Modification, Share created or removed, File Copied, Failed Read Attempts, etc.

The application comes with two separate consoles – the Settings Console and the Report Console. The former lets you manage the auditing of file servers, whereas the later displays the audit reports.

You have to open the Settings Console to begin with file server auditing. To add a file server, provide the IP address, login credentials of an administrative user, and details of a local or networked SQL Server for storing logs. You can specify the custom object listing, audit policy, and audit rule for every added file server.

Figure 1: Audit Policies for an added File Server
LepideAuditor for File Server lets the administrator define a user group to keep a check on their auditing logs. This user group can contain selected Active Directory users and groups. In addition, the administrator can create multiple custom object lists in order to keep a check on particular folders, files, processes, or events. These object lists can be further included in audit policies. When adding an object, he or she can manually insert its name or use the scan feature to list all folders.


Figure 2: Adding Object List
The administrator can add new audit policies in addition to the default ones. When creating an audit policy, the administrator has to add single or multiple object lists and set their priorities.


Figure 3: Creating an Audit Policy
An alert will blink on top of the interface asking you to update the agents on File Servers whenever the administrator updates an object list, user group, or audit policy.

Once an audit policy is created, the next step is to create an audit rule. You can also modify an existing audit rule to incorporate the newly created audit policies. While creating an audit rule, you can select:

1. File servers
2. An audit policy
3. A specific user from a user group
4. Whether to send or not to send alerts via email, SMS, or message to networked computers.


Figure 4: Creating an alert while creating an Audit Rule
Browse “Alert Queries” to create or modify queries based on which you want to send alerts. You can set up instant alerts to be delivered for critical changes, unwanted access, read attempts, permission changes, etc. When creating an alert, you can specify the process name, file mask, file path, or event name. A user can add multiple queries in an alert with the combination of “AND” and “OR”.


Figure 5: Creating an alert query
While starting the software’s Reporting Console for the first time, you have to provide the details of the SQL Server database that you have used earlier to save the auditing logs. You also have to enter the login credentials of a SQL Server user to access that database. Once configured, you can use this console to browse multiple auditing reports for the added file servers.


Figure 6: All Changes Report
Reports displayed in the Report Console can be filtered by:

• Server
• Database
• Time Span
• File Mask
• File Server
• Process
• User
• Event
• Directory.

In addition to filters, you can search for a particular record in the report and sort it per any column. You can also group the report per one or two columns. Reports modified after applying the filters and other features can be saved as Custom Reports.

The administrator can apply the scheduler to receive periodic reports through email on a daily, weekly, and monthly basis. Such reports give a brief to the administrators and other recipients about Permission Changes, File Copied (from networked locations), Changes in Shared Folder, and details of created or deleted Shared Folders.

A free trial of the Enterprise edition of LepideAuditor for File Server is available for 15 days. You can download the setup file, install it, and contact our Sales Team for activating your trial copy. Please make sure to read the system requirements while downloading the software.