Environment
NetIQ AppManager 6.x
NetIQ AppManager 7.0.x
Microsoft Windows 2000 Server Service Pack 2
Microsoft Windows XP
Microsoft Windows 2003
General_EventLog knowledge script
Situation
How do I setup a job to monitor how many times a file has been accessed?
Resolution
You would need to setup NT File Auditing for the file in question and then use the General_EventLog to scan for the ID associated with the event in the Event Viewer Security Log.
How to setup NT File Auditing for Windows 2000/XP/2003:
- In Windows Explorer, right-click the file or folder you want to audit, and then click properties.
- On the Security tab, click Advanced.
- On the Auditing tab, click Add.
- In the Select User, Computer, or Group dialog box, click the name of the user or group whose actions you want to audit, and then click OK.
In the Auditing Entry dialog box, in Access, click Successful, Failed, or both for the actions you want to be audited, and then click OK.
How to setup NT File Auditing for Windows NT 4.0:
- In Windows Explorer, right-click the file or folder you want to audit, and then click properties.
- On the Security tab, click on Auditing button.
- On the Auditing tab, click Add.
- In the Select User, Computer, or Group dialog box, click the name of the user or group whose actions you want to audit, and then click OK.
In the Auditing Entry dialog box, in Access, click Successful, Failed, or both for the actions you want to be audited, and then click OK.
Additional Information
Formerly known as NETIQKB3766
Windows 2000 users:
You must log on as an administrator or as a member of the Administrators group to specify files and folders to audit. Otherwise, in step 2, the Security tab will not appear or will appear in read-only form.
The Security tab is available only for files and folders on NTFS volumes.
Before you can specify files and folders to audit, you must use Group Policy to enable auditing.