I currently have C2 auditing turned on for a server, and an audit trace file
gets written to the default database directory every couple of hours. Is
there a way to get C2 auditing to write to a separate database for querying?
And is there also a way to turn C2 on/off without restarting the server?
Is C2 the appropriate tool for internal auditing, or is there a
better tool out there for getting reports, etc?
cross posted to .securitytools
Thanks,
-RSHi,
A normal profiler using the properties windows can save the contents to a
table. I am not sure on how tyo automate this in C2 auditing, because
it craetes seperate files.
And is there also a way to turn C2 on/off without restarting the server?
No.
Is C2 the appropriate tool for internal auditing, or is there a better tool
out there for getting reports, etc?
Yes, But might not be useful for reporting. Take a look into the product
from lumigent
http://www.lumigent.com/Downloads/
Have a look into the below site for more information on c2 Audit
http://msdn.microsoft.com/library/d...-us/adminsql/ad
_security_2ard.asp
Thanks
Hari
MCDBA
"RS" <rspen@.yahoo.com> wrote in message
news:e$4zwZ2CEHA.3748@.TK2MSFTNGP11.phx.gbl...
> I currently have C2 auditing turned on for a server, and an audit trace
file
> gets written to the default database directory every couple of hours. Is
> there a way to get C2 auditing to write to a separate database for
querying?
> And is there also a way to turn C2 on/off without restarting the server?
> Is C2 the appropriate tool for internal auditing, or is there a
> better tool out there for getting reports, etc?
> cross posted to .securitytools
> Thanks,
> -RS
>|||C2 auditing is primary for forensics purposes and not meant to be used for r
eporting. The logs themselves write to 200mb and then roll over, so it's a
hassle at best to try and get anything meaningful from a reporting standpoin
t. I'd recommend running a
different profile for what you specifically want.|||Thanks..that helps. I think we are going to look at Lumigent, but it is
pricey. Is there anything that offers a good reporting tool for trace files
without being so expensive? Maybe there is a market opportunity here.
-RS
"binary_designs" <anonymous@.discussions.microsoft.com> wrote in message
news:A0B925B8-6ACC-4802-9BBB-26882634DCB2@.microsoft.com...
> C2 auditing is primary for forensics purposes and not meant to be used for
reporting. The logs themselves write to 200mb and then roll over, so it's a
hassle at best to try and get anything meaningful from a reporting
standpoint. I'd recommend running a different profile for what you
specifically want.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment