Monitoring Files for Changes
Note: This feature is available in Open-AudIT Enterprise only.
For auditing and security purposes it can be advantageous to monitor individual files, or all files in a folder, for changes. Open-AudIT Enterprise can audit files on both Windows and Linux operating systems.
- Identify the files/folders you are interested in monitoring.
  - We recommend starting with an individual file to test and understand how the system works.
  - Document the file name and extension with the full path, e.g. /usr/local/nmis8/conf/Config.nmis
  - Paths and filenames are case sensitive if the OS hosting the file is case sensitive (Linux, for example).
- Create an individual entry for each file/folder.
  - Select Discover -> Files -> List Files from the Open-AudIT Enterprise menu.
  - To create a new entry, click the "+" button in the top right-hand corner.
  - The path should be the fully qualified path to the file, along with the full file name and extension. Wildcard characters are not supported at this time. For Windows files, the path must include the drive letter.
  - More information on Files can be found here: Files
- Determine how often you want to be notified of changes to the files/folders and create a Scheduled Report.
  - Open-AudIT ships with a report specifically for changes to monitored files; select Report -> Changes -> Files from the menu.
  - This report can be edited, or a copy made, to display any additional attributes you need. This process is covered here: Queries
  - Once you've identified the Queries you want to run and adjusted them to include the information you need, you can schedule them to run on whatever schedule makes the most sense. Keep in mind, however, that all Queries run against information contained in the database and do not check the files themselves for changes. As a result, you should schedule your reports to run some time after your Discoveries have finished running. More information on scheduling your File Change report can be found here: How to Schedule Tasks in Open-AudIT
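Before creating the entries, the list of candidate paths can be checked against the path rules above (fully qualified, no wildcards, drive letter on Windows, case sensitivity). The script below is an added example, not part of Open-AudIT; the `os_family` labels, the choice of `*` and `?` as the wildcard characters, and the sample entries are assumptions made for illustration.

```python
import re

# Assumption: "wildcard characters" means the usual glob characters * and ?.
WILDCARDS = re.compile(r"[*?]")
WINDOWS_ABSOLUTE = re.compile(r"^[A-Za-z]:[\\/]")


def check_path(path, os_family):
    """Return problems for one entry; os_family is 'windows' or 'linux' (labels assumed here)."""
    problems = []
    if path != path.strip():
        problems.append("leading or trailing whitespace")
    if WILDCARDS.search(path):
        problems.append("wildcard characters are not supported")
    if os_family == "windows":
        if not WINDOWS_ABSOLUTE.match(path):
            problems.append("Windows path must be fully qualified with a drive letter")
    elif os_family == "linux":
        if not path.startswith("/"):
            problems.append("path must be fully qualified (start with /)")
    else:
        raise ValueError(f"unknown os_family: {os_family!r}")
    return problems


def case_collisions(entries):
    """Group paths that differ only by case: distinct files on Linux, duplicates on Windows."""
    seen = {}
    for path, os_family in entries:
        seen.setdefault((os_family, path.lower()), []).append(path)
    return [paths for paths in seen.values() if len(set(paths)) > 1]


# Constructed sample entries, not taken from a real system.
SAMPLE = [
    ("/usr/local/nmis8/conf/Config.nmis", "linux"),
    ("/usr/local/nmis8/conf/config.nmis", "linux"),
    ("conf/Config.nmis", "linux"),
    ("/etc/ssh/*.conf", "linux"),
    (r"C:\Windows\System32\drivers\etc\hosts", "windows"),
    (r"\Windows\System32\drivers\etc\hosts", "windows"),
]

if __name__ == "__main__":
    for path, os_family in SAMPLE:
        issues = check_path(path, os_family)
        print(f"{'FIX' if issues else 'OK '} [{os_family}] {path} {issues}")
    for group in case_collisions(SAMPLE):
        print("differ only by case, confirm which one exists:", group)
```

An entry that fails these checks would be stored with a path that never matches a file on the target, so the file change report would stay empty for it.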