After you have installed and configured you SolarWinds Log & Event Manager Agents, optimize your SolarWinds LEM deployment by tuning Windows to log the specific events you want to see in your SolarWinds LEM Console and store on your SolarWinds LEM database. Use the recommendations below to get started with this tuning process.
Open Administrative Tools > Local Security Policy.
Expand Local Policies and click Audit Policy in the left pane.
Select Audit object access in the right pane, and then click Action > Properties.
Select Success and Failure.
Close the Local Security Policy window.
To enable file auditing on a file or folder in Windows:
Locate the file or folder you want to audit in Windows Explorer.
Right-click the file or folder and then click Properties.
Click the Security tab.
Click the Auditing tab.
If you are using Windows Server 2008, click Edit.
Enter the name of a user or group you want to audit for the selected file or folder, and click Check Names to validate your entry. For example, enter Everyone.
Select Success and Failure next to Full control to audit everything for the selected file or folder.
Optionally, clear Success and Failure for unwanted events, such as:
Read extended attributes
Write extended attributes
Click OK in each window until you are back at the Windows Explorer window.
Repeat these steps for all files or folders you want to audit.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.