Network logging

[Shiromagius]

I was wondoring if anyone knew of a product that could log who accessed your computer remotely (through network shares) and also log what was transferred in that session. I would like it to log all users that accessed it (either by IP or computer name) and what they did. I know there is a section in Computer Management where you can see the current users connected to your computer and what they are downloading/uploading from you, but it doesnt log. Any ideas?

[JacKDynne]

Shiromagius,

You could probably use a network sniffer (like sniffer pro from computer associates) to log all traffic on your local net; it might be overkill but would get the job done...

/JD

[Cactus]

Well,

If your computer shares are accessed remotely, I guess you've got your security not set tight enough. It seems you've gave the group "Everyone" rights on your shares and NTFS access rights.

This way it's very hard to control who accesses the shares, and Windows doesn't have an option build in (I know of) that can log these connections. Like /JD sais, you'll need a network sniffer to log this.

Better just to tighten your security, so only authenticated people can access you shares. And then Windows has got it's own logging mechanisme: auditing. You can configure it so every connection made to any share will be logged in the auditing logs. Be carefull though not to log to much; your machine will be busier logging things thaen actualy serving shares

Hope this helps.