Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Log source devices configuration
  4. /
  5. Microsoft Windows File Share Audit

Microsoft Windows File Share Audit

Microsoft Windows supports auditing access to shared folders and files. This audit can be configured so that the audit log could be sent to the Logmanager server.

Following conditions must be met for proper function:

  • It is necessary to have WES installed on a server, where is a file share folders – more in chapter Microsoft Windows Event Sender (WES)
  • Set up auditing of file share folders

Audit of file share folders

  1. Run Local Security Policy configuration console with command secpol.msc.

  2. Choose Advanced Audit Policies Configuration ‣ System Audit Policies - Local Group Policy Object ‣ Object Access.

    File access audit

    File access audit

  3. Activate settings Success and Failure: in following items in section Configure the following audit events.

    • Audit Detailed File Share
    • Audit File Share
    • Audit File System
    Audit Detailed File Share Properties

    Audit Detailed File Share Properties

After saving the options, audit logs will start sending to the Logmanager server.