Recording All Activity on a Server
A frequent question I’ve been asked is if there is some way of recording all activity on a server. This question usually arises for a couple of reasons.
First, senior administrators in large IT departments tell me they would like a way of recording everything that is done to a server by anyone who logs on to the server either locally or remotely. Typically what triggers this idea is that a server suddenly starts behaving strangely, and examining the event logs doesn’t give any indication what’s gone wrong. Running performance monitoring tools might give some clues, but these can be cumbersome to use and interpret. A tool like Process Explorer, one of the Windows Sysinternals tools, can dig down deep into what’s happening, but this tool can generate an enormous amount of data and it takes some degree of expertise and patience to tease useful information from it. And I don’t know about you, but I’m too CHOOSE ONE (busy, lazy) to bother running a performance trace or firing up Process Explorer most of the time when things go wrong. Most of the time I just look at the Event logs and hope they can tell me what I need to know.
So administrators ask me, is there any way of just recording everything that happens so they can go back and see who did what that might have caused the problem the server is experiencing. Here’s just the product you might need for this: ObserveIT. This cool tool can monitor and record everything that anyone does while logged on to your server, whether they’re logged on locally or using a Terminal Services connection. Not only is this terrific for troubleshooting scenarios, it can also be useful in regulatory compliance situations where industry or government regulations, for example in the banking sector, might require all actions performed on a server to be recorded in order to maintain a forensic audit trail. Here's a really cool Flash demo of how the product works which illustrates the powerful record, search, and annotate capabilities of this product.
Heard about or tried out any other products for recording user activity during a logon session? Email me and I’ll share it with other readers of this blog.
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
