I'm managing a mid-sized Windows environment with a file server for file sharing. I'm looking for efficient options to log user activity, specifically to track when users open files and maintain a detailed log for auditing purposes. We've tried setting up Sysmon with the ELK stack and enabled file auditing, but it hasn't really given us the useful insights we need. How are others in similar environments handling file access logging?
5 Answers
You might want to check out ManageEngine's DataSecurity Plus. I've implemented it in several places, and it handles these kinds of logging use cases quite well at a much lower cost compared to Varonis. Worth a look!
Honestly, if you need that level of auditing, storing your data on a standard Windows file server may not be the best choice. You might want to consider other solutions that are designed specifically for high-security and audit requirements.
File Auditing event 4663 is the go-to method for tracking file access on Windows. What issues are you facing with it? Is it that you can't find the data you need? It might also be a matter of how you're interpreting the logs, so clarifying what you're missing could help a lot.
I’ve set up Windows Event Forwarding (WEF) and Windows Event Collector (WEC) on my servers. Plus, I created a PowerShell script that reads events into JSON files and sends them over to my log cluster. It’s been effective for detailed tracking!
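One way to combine the 4663 and WEF/PowerShell-to-JSON answers above, as an added example that is not part of the original thread: it flattens each 4663 event to one JSON line, decodes AccessMask into named rights, and keeps only reads of file objects by user accounts. The sample event (host, user, path) is constructed, and the filter rule is an assumption about what counts as "a user opened a file".

```powershell
# Added example (not from the thread). Assumes object-access auditing and SACLs are already in place.
param([string]$LogName = 'Security', [datetime]$Since = (Get-Date).AddHours(-1))

# File access rights carried as bit flags in the 4663 AccessMask field.
# On a directory, 0x1 means "list directory" rather than "read data".
$AccessBits = @{ 0x1 = 'ReadData'; 0x2 = 'WriteData'; 0x4 = 'AppendData'; 0x20 = 'Execute'
                 0x10000 = 'Delete'; 0x40000 = 'WriteDac'; 0x80000 = 'WriteOwner' }

function ConvertTo-FileAccessRecord {
    param([Parameter(Mandatory)][string]$EventXml)
    $evt  = ([xml]$EventXml).Event
    $data = @{}   # flatten <Data Name="...">value</Data> into a hashtable
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $mask = [Convert]::ToInt32($data['AccessMask'], 16)
    [pscustomobject]@{
        Time    = $evt.System.TimeCreated.SystemTime
        Server  = $evt.System.Computer
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        File    = $data['ObjectName']
        Process = $data['ProcessName']
        Type    = $data['ObjectType']
        Rights  = @($AccessBits.Keys | Sort-Object | Where-Object { $mask -band $_ } | ForEach-Object { $AccessBits[$_] })
    }
}

# Assumed rule: keep reads of file objects by user accounts (machine accounts end in '$').
filter Select-UserFileRead {
    if ($_.Type -eq 'File' -and $_.User -notmatch '\$$' -and $_.Rights -contains 'ReadData') { $_ }
}

# Constructed sample event, so the conversion can be checked without touching a log.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4663</EventID>
<TimeCreated SystemTime="2024-01-01T09:00:00.0000000Z"/><Computer>FS01.example.test</Computer></System><EventData>
<Data Name="SubjectUserName">alice</Data><Data Name="SubjectDomainName">EXAMPLE</Data>
<Data Name="ObjectType">File</Data><Data Name="ObjectName">D:\Shares\Finance\budget.xlsx</Data>
<Data Name="ProcessName">C:\Windows\explorer.exe</Data><Data Name="AccessMask">0x1</Data>
</EventData></Event>
'@
ConvertTo-FileAccessRecord -EventXml $sample | Select-UserFileRead | ConvertTo-Json -Compress

# Live use: the same conversion over the Security log (or ForwardedEvents on a WEC collector).
Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 4663; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-FileAccessRecord -EventXml $_.ToXml() } | Select-UserFileRead |
    ForEach-Object { $_ | ConvertTo-Json -Compress }
```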
We are using a Varonis server for our logging, but it can be pretty pricey. It’s super handy when you really need it, but I find that we don’t always need that level of detail, which makes it hard to justify the cost.
