Protect sensitive documents
ScriptLogic's File System Auditor (FSA) logs file-system access and records the data in a Microsoft SQL Server 2000 or MSDE 2000 database. FSA is a big improvement over native Windows file-audit features. FSA defines 16 file-system events from the user's perspective—for example, creating or reading files or folders, and Access Denied events.
FSA consists of a server component, which you install on each system you want to audit, and a console component, which you use to display audit data and create reports. I began by installing FSA and its MSDE database on a Windows 2000 Server machine, then set up the console component on an XP system. Next, I installed FSA on two other systems and configured them to use the MSDE database on the Win2K Server system. Using the Service Configuration Utility (SCU) on each server, I configured auditing for several folders within file shares. You can limit the volume of audit data that FSA records in a number of ways: by event type, by file-name mask, and by the program or process that's accessing the file system. Opening files in the audited directories generated my test data.
From the console program, I ran a default report—All Records Selected—and found what I was expecting to see. The selective reporting features let me focus on specific users and servers. The console program lets you schedule recurring reports, which FSA will then email to you in PDF format. FSA supports near-real-time reporting with its ability to run and email reports as frequently as every five minutes.
FSA has a few rough edges, as you might expect from a version 1.0 product, but the product excels in a few key areas. It's easy to implement, easy to use, and far superior to Windows' native file-audit logs.
PROS: Logs file-access events according to rules you set up; implements a central repository for multiple servers