Lepide Software. LepideAuditor for File Server [CONFIGURATION GUIDE] This guide informs How to configure settings for first time usage of the software

Lepide Software

[ CONFIGURATION GUIDE ]

This guide informs How to configure settings for first time usage of the software

LepideAuditor for File Server

© Lepide Software Private Limited, All Rights Reserved

This User Guide and documentation is copyright of Lepide Software Private Limited, with all rights reserved under the copyright laws. This user guide cannot be reproduced in any form without the prior written permission of Lepide Software Private Limited. No Patent Liability is assumed, however, with respect to the use of the information contained herein.

Warranty Disclaimers and Liability Limitation

LepideAuditor for File Server , and any and all accompanying software, files, data and materials, are distributed and provided AS IS and with no warranties of any kind, whether expressed or implied. In particular, there is no warranty for any harm, destruction, impairment caused to the system where LepideAuditor for File Server is installed. You acknowledge that good data processing procedure dictates that any program, including LepideAuditor for File Server, must be thoroughly tested with non-critical data before there is any reliance on it, and you hereby assume the entire risk of all use of the copies of LepideAuditor for File Server covered by this License. This disclaimer of warranty constitutes an essential part of this License.

In addition, in no event does Lepide Software Private Limited authorize you or anyone else to use LepideAuditor for File Server in applications or systems where LepideAuditor for File Server failure to perform can reasonably be expected to result in a significant physical injury, or in loss of life. Any such use is entirely at your own risk, and you agree to hold Lepide Software Private Limited harmless from any and all claims or losses relating to such unauthorized use.

Trademarks

LepideAuditor for File Server is a copyright work of Lepide Software Private Limited. Windows 95®, Windows 98®, Windows ME®, Windows NT®, Windows 2000 Server®, Windows 2000 Advanced Server®, Windows 2003 Server®, Windows XP®, Windows Vista, Windows 7, and MS-DOS, are registered trademarks of Microsoft Corporation. All brand names, product names, logos, registered marks, service marks and trademarks appearing in this document are the sole property of their respective owners. These are purely used for informational purposes only. We have compiled a list of such trademarks but it may be possible that few of them are not listed here

Contact Information Email: [email protected]

Table of Contents

1. Introduction ... 4

2. System Requirements ... 4

3. User Rights ... 5

3.1 User Rights ... 5

3.2 SQL Server Rights ... 6

4. NetApp Settings and Requirements ... 7

4.1 NetApp Auditing Flow ... 10

5. Adding File Server ... 11

5.1 Adding NetApp File Server ... 11

5.2 Adding Windows File Server ... 17

6. Creating Auditing Rule ... 23

7. Creating a New Audit Policy ... 30

8. Creating Alert Queries ... 40

9. Message Settings ... 43

9.1 Email Recipient ... 43

9.2 Network Recipient ... 45

9.3 SMS Recipient ... 46

10. Viewing Reports ... 49

10.1 Troubleshooting ... 51

11. Data Archiving ... 52

11.1 Archive Data ... 52

11.2 Import Data ... 54

12. Conclusion ... 56

1. Introduction

Welcome to the Configuration Guide of LepideAuditor for File Server. In this configuration guide, we have covered the system rights, requirements, settings and various steps required for first time usage of the software.

LepideAuditor for File Server comes with two different consoles:

 Settings Console

 Reports Console

In this guide, we will mostly deal with the settings console and also about how to receive reports. This includes adding file server, creating audit rules and policies, network settings, viewing reports and more.

2. System Requirements

LepideAuditor for File Server (LAFS) needs some basic system requirements to run:

Basic System Requirements:



Pentium Class Processor



2 GB RAM



200 MB of free disk space for software installation



Enough database space for storing records

Supported Windows OS (32/64-bit) Versions:



Windows 8 (all editions)



Windows 7 (all editions)



Windows Vista (all editions)



Windows XP (all editions)

Supported Windows Server (32/64-bit) Versions:



Windows Server 2012 R2



Windows Server 2012



Windows Server 2008 R2



Windows Server 2008



Windows Server 2003 R2



Windows Server 2003



Windows 2000 Server

The following SQL Server versions are supported:



SQL Server 2000 to SQL Server 2012



SQL Server 2005 Express Edition to SQL Server 2014 Express

3. User Rights

To install and work with LAFS, you need to have appropriate rights. Also, you need to have appropriate rights to access SQL Server.

3.1. User Rights

3.2. SQL Server Rights

3.1 User Rights

To install and run software login with Local User or Domain User with Administrative rights depending on the system where software is installed i.e. whether the system is a Domain computer or not.

To assign Local Admin Rights:

A. Go to Control Panel.

B. Select the User Account.

C. Select Change Account Type.

D. Make User as Administrator.

E. Click on Save.



Steps mentioned above may vary depending on the Windows version installed on the system.



If the User Account doesn’t exist on the system, create a new User Account with Administrative rights.

To give Domain Administrative rights:

A. Go to Start Menu > All Programs > Administrative Tools > Active Directory Users and Computers.

B. Active Directory Users and Computers window opens up.

C. Click on Users.

D. Right-click on the User Name and select Properties from the popup menu.

E. Select Member Of tab.

F. Click on Add.

G. Click on Advanced.

H. Click on Find Now button.

I. From the search results, select Administrators and Domain Admins group.

J. Click on Ok.

K. Click on Ok.

L. Click On Apply and Ok.

3.2 SQL Server Rights

User should have rights to create and modify SQL Server Database.

If the above mentioned rights are not assigned, follow these steps to assign the rights:

A. Open MS SQL Server Management Studio.

B. Go to Security > Logins.

C. Right-click on User Name and select Properties.

D. Select Server Roles page and select ‘sysAdmin’ role on the right page.

E. Go to Status page and select Grant and Enabled and click Ok.

4. NetApp Settings and Requirements

In order to successfully audit and get reports from NetApp filers, we need to consider these following requirements:

Recommended Versions



LepideAuditor for File Server successfully audits and report events from NetApp filer with Data ONTAP™ 7.2 or later.



The recommended version for complete feature availability is ONTAP 7.3.4 or later.

Agent Installation

 Multiple file server agents cannot be installed on the same agent server system for monitoring NetApp filer with Data ONTAP™ versions lower than 7.3.

 The agent can only be installed on the domain controller system. Do not install it on workgroup or client systems.

 When you install agent for NetApp file servers, use only NetApp local user.

Recommended Settings

 Please verify settings on the NetApp filer before installing the agent. Ensure that options httpd.admin.enable is on. It is ON by default, but we still recommend you to check it first before installing the agent.

 Ensure that the NetApp filer time is synced with the time on the agent system to get precise report timings.

 On the Agent system GPO Settings, change the required settings as displayed

To perform these settings:

1. Type secpol.msc from the RUN command. The Local Security Policy window will open up. You can also alternatively, go to Administrative Tools and click Local Security policy.

2. Under security settings, click on Local Policies.

3. Then click on Security options. In this section, make the following policy settings:

 Network Access: Do not allow anonymous enumeration of SAM accounts and shares

→ Disabled

 Network Access: Let Everyone permissions apply to anonymous users → Enabled

 Double-click Network Access: Named pipes that can be accessed anonymously and select the checkbox to define policy settings. Type NTAPVSRQ and click apply.

 Network Access: Restrict anonymous access to Named Pipes and Shares → Disabled

Limitations

 Events will not be generated for the changes made from the agent server.

 In order to monitor security settings event reports (Owner, SACL and DACL), ONTAP 7.3 or later version is required.

 SACL (Audit) change events are reported but event details will not be shown in the reports.

Connection Types

LepideAuditor for File Server provides two types of connections with the NetApp filer from agent:

1. Asynchronous: This option is quick but it cannot capture security details. It captures the security events but does not show details.

2. Synchronous: This option captures security details but the process slightly slows down the performance of the filer.

4.1 NetApp Auditing Flow

LepideAuditor for File Server uses the CIFS Auditing mode which allows it to access changes made on NetApp Filers through Windows devices and successfully audit and report them. It uses the assigned File policy or FPolicy to capture events and audit changes within the File Server. The auditing process for NetApp filer is displayed in the below given image:

The steps involved in the above image are:

1. The system where LAFS is installed connects with the agent computer for event collection.

2. The agent computer connects with the NetApp filer and tracks events as per the assigned fpolicy.

3. The NetApp filer sends immediate events for any change made within the file server.

4. The agent sends this event to the location where LAFS is installed.

5. LAFS connects with the SQL database and stores these events for report generation.

6. LAFS displays reports as per the audit rules and policies to display all changes within the File Servers.

5. Adding File Server

Post installation, the first thing that you need to do is to add a File Server to the application which you want to audit. With LAFS, you can add unlimited numbers of file servers from multiple platforms. These are:

 Windows File Servers

 NetApp File Servers

5.1 Adding NetApp File Server

To audit a File Server, you first need to add the concerned File Server to LAFS. In order to add a NetApp File Server, execute the following steps:

1. Click Add File Server option from the Tool Bar of the LAFS-Settings Console or from the Add button.

2. Choose the File Server type that you want to add. The software allows choosing from Windows and NetApp File Servers. Click on NetApp Filer.

3. Add File Server dialog box opens up.

4. Enter the Filer Name or its IP address manually or click the Add button. Please use only NetApp local user.

5. Enter Username and Password for the Filer and click Next.

Here, we are adding the Filer manually. To check how to add a Filer through the Add option, see adding a Windows File Server.

6. The next step is to provide SQL information for data storage.

7. Browse and specify the Server Name and Authentication type. It is recommended to provide SQL Server authentication.

8. Now provide Database details where events from the concerned file Server will be stored. You can either create a new database or select a previously created database.

Click Next.

9. The NetApp Agent Information page will open up. Here, provide details of the system where you wish to install the agent to collect changes from the NetApp filer.



You can install the agent server on another system apart from the NetApp filer.

However, it is important to note that the agent can only be installed on the domain controller system. Do not install it on workgroup or client systems.

10. Enter the name or IP Address of the agent system.

11. Provide Username and Password to allow access to software to install agent.

12. Now you need to choose the Connection Type.



LepideAuditor for File Server provides two types of connections with the NetApp filer from agent:

i). Asynchronous: This option is quick but it cannot capture security details.

It captures the security events but does not show details.

ii). Synchronous: This option captures security details but the process slightly slows down the performance of the filer

13. Certain changes are required in the Local Security Policies to allow the software to audit Filers. The software provides a checkbox to automatically make such changes from its end. If you want to make changes manually then uncheck it. To see how to manually make changes, click here.

14. Click the checkbox to automatically make changes. The software displays the list of required changes in the next screen and reconfirms it.

15. Click 'Next' and the agent installation process starts. Click 'Finish' when the process is completed.

16. The software will ask whether you want to create an audit rule. Click 'Yes' to create a new audit rule or you can select an existing audit rule to apply audit settings on the added NetApp file server.

The newly added NetApp File Server will be displayed in the software interface.

You need an Audit Rule to start monitoring the newly added File Server.

Audit Rule is a combination of Audit Policy (holds information for the objects which are to be audited), users/user group who are to be audited, alert query type, alert format and recipient information.

Audit Rule, Audit Policy, User Group, Alert Queries can be created from their respective sections as well as while creating an Audit Rule.

The next section shows how to add a Windows File Server, if you want to directly proceed to adding an Audit Rule, go to Creating an Audit Rule.

5.2 Adding Windows File Server

To audit a File Server, you first need to add the concerned File Server to LAFS. In order to add a File Server, execute the following steps:

Add File Server

1. Click Add File Server option from the Tool Bar of the LAFS-Settings Console or from the Add button.

2. Choose the File Server type that you want to add. The software allows choosing from Windows and NetApp File Servers. Click on Windows File Server.

3. The Add File Server dialog box appears.

4. Enter the File Server Name or its IP address manually or click the Add button.

5. On clicking the Add button, all available domains in the network will be shown in the dropdown menu. Select the appropriate domain and click Find.

6. All available computers in the selected domain will be enlisted. Select the required file server which is to be added and click Ok.

7. Now provide Authentication for the added File Server. If the local system is added, then select Current User or else provide authentication for the added remote file system.

8. Once you have added the file server click Next to proceed. The SQL Server Information page appears.

9. Browse and specify the Server Name and Authentication type. It is recommended to provide SQL Server authentication.

10. Now provide Database details where events from the concerned file Server will be

stored. You can either create a new database or select a previously created database. Click Next.

11. The Agent Status page is displayed where the software installs agent on the File Server.

Once Agent Installation is over, click Finish to complete the process.

12. The software will ask whether you want to create an audit rule. Click 'Yes' to create a new audit rule or you can select an existing audit rule to apply audit settings on the added Windows file server.



You need an Audit Rule to start monitoring the newly added File Server. Audit Rule is a combination of Audit Policy (holds information for the objects which are to be audited), users/user group who are to be audited, alert query type, alert format and recipient information.

Audit Rule, Audit Policy, User Group, Alert Queries can be created from their respective sections as well as while creating an Audit Rule.

6. Creating Auditing Rule

After you have added the File Server to the application, you need to create auditing rule for that File Server. In the Audit Rule, you can base your auditing on:

 Objects i.e. Directories, Drives, Events, Files Masks, Monitoring Time, and Processes that you want to audit.

 Users/ User Groups actions which you want to audit.

You can also setup Alerts for critical events and configure Email Recipients, Network Recipients, and SMS Recipient for delivering those alerts.



In the below example, we are creating an audit rule with predefined policy. To create auditing rule with a user-configured policy refer section Creating Auditing Rule with New Policy.

To create a new Auditing Rule:

If you select “Yes” in the last step of the Add File Server Wizard, the “Add Rule to the File Server” wizard starts automatically.

Alternatively, you can navigate to the “Audit Rules” section from the left pane and click on

“Add New Rule” icon in the “Select Rule” section of the right pane to start this wizard.

A. Select Create New Rule radio button under Add Rule section.

B. Enter a rule name and select the File Server for which you want to create the rule if it is not already selected in the “File Servers” dropdown.

C. Click on the Next button.

D. Select the policy type from the given three options:

LAFS allows you to link Audit policy to both – a User and a User Group.

a) Individual User Policy: Selecting this option means, the applied audit policy will be the one associated with the accessing User. That is, if the User is a part of a Group, data will not be collected as per Group's policy but as per accessing User's policy.

b) Group Policy: In this case data will be collected as per the Group's policy no matter which User of the Group has logged in. That is, Policy associated with the User will be overridden by the Group's policy.

A few possible scenarios here are:

i. We have added four Users each of which belongs to same Group and they have same or different audit policy. And here we select "Individual User Policy". In this case audit data will be collected as per each User's policy.

ii. We have added four Users each of which belongs to different Groups and they have same or different audit policy. And here we select "Individual User Policy".

In this case audit data will be collected as per each User's policy.

iii. We have added four Users each of which belongs to same Group and they have same or different audit policy. And here we select "Group Policy". In this case audit data will be collected as per Group's policy.

iv. We have added four Users each of which belongs to different Group and they have same or different audit policy. And here we select "Group Policy". In this case audit data will be collected as per each User's Group's policy.



Selecting Individual User policy and Group Policy will not generate report here as we have not yet created any User Group in the application. These policies can be selected only if you have pre-defined groups in the application.

c) Selected Policy: It has four options under it. The first three are pre-defined policies while the fourth one can be configured.

 Audit All: Audit all Files and Folders accesses on the File Server.

 Audit Shares Only: Audit only shared Files and Folders.

 Audit all but Shares: Audit all Files and Folders accesses except shared files and folders.

 Create New Policy: Create new policy where you can define what all Objects you want to audit.



These are predefined Audit Policies. If you wish to create a new policy, go to Creating a New Audit Policy

E. We are selecting ‘Audit All’ policy for now. Click Next to proceed.

F. On this page, you can select User or User Groups that you want to audit. You can also exclude them from auditing or simple select all users.

G. We are selecting ‘All Users’ for now. Click Next to proceed.

H. On this page you can setup an alert for any change you want by selecting an existing query or creating a new query. You can also provide recipients name. Click on Finish to complete the process.



In this section, we are skipping the alerts part as there are no predefined alert queries and settings for receiving alerts are also not configured. They have been dealt in detail below.



To see how to create an alert query now, go to creating Alert Queries



To check message settings configuration now, go to Message Settings

I. The newly added File Server is displayed under All File Servers on the right side screen.

J. Click ‘Update Agent on all File Servers to apply new Settings’ from the top of the screen.

K. Update Agent window appears, select the File Server and click on Next.

L. Agent Update successful message appears, click Finish to complete the process.

7. Creating a New Audit Policy

In this section we will see how to create a new audit policy. By creating a new audit policy, you can ensure that you audit only the required objects i.e. only specified Files, Folders, Directories, Events and Processes. You can create a new audit policy and then associate it with an audit rule to audit only selected objects.

To create a new policy:

1. Navigate to the Audit Policies in the left pane.

2. In the right-pane go to the Policy Name section and click on the Add New Policy icon.

3. Add New Policy wizard appears.

4. Enter a Policy Name and Description.

5. Now, select the object list type from the dropdown menu and click the Add button. You can select multiple object lists and add them in the policy.

Choose from: Directory, File Mask, Process, Event and Monitoring Time

Add Directory

6. Select Directory and click Add, the add directory window opens.

7. Again click the Add button, the software allows adding directories through 3 options:

Manually, Scan, Default.

8. Click Scan and select the File Server whose objects you wish to add in the policy. Use the Add and Remove buttons to add or remove individual directories.

9. Click Ok. The Scan and Add window will close and you will be redirected to the Add Directory section. You can add more directories if needed. To manually add a directory, click ‘Manually’ and enter directory name. To add the Default Directories, click ‘Default’

to select the required directories and add them in the audit list.

10. The software will enumerate all the selected directories. You can use the Remove button to remove directories.

11. Click Ok. All added objects will be listed under the Object Lists section. You can even exclude these objects from being audited (All objects, expect the listed will be audited).

12. You can modify or remove any particular entry from here as well.

Add File Mask

13. To add File Masks, select File Mask from the Add New Policy dropdown window and click Add.

14. The process to add File Masks is same as adding directories. Here you get two options to add file masks: Manually and Scan.

15. Select the required File Masks and click Ok to include them in the object list.

Add Process

16. To add System Processes, select Process from the Add New Policy dropdown window and click Add.

17. The software provides the option to manually enter process names or select from the default processes.

18. To manually add process, enter the process name and click Ok.

19. To add default process, click default and select the default processes.

Add Event

20. In this case, the software directly lists all file and folder events. Select or Unselect required events.

Monitoring Time

21. You can choose when to monitor the selected objects from here.

22. Click Add to choose from Always, Weekly, Daily, Monthly and One Time Only.

23. Enter the time details as per your auditing needs and click Ok.

24. All added objects will be successfully listed under the object list section. You can modify and delete them if required.

25. Click Ok to successfully create a new Audit Policy.

The newly created Audit Policy will be listed under the Audit Policy section. Now, it can added within an Audit Rule to start receiving reports regarding any changes found as per the selected parameters.

8. Creating Alert Queries

Create Alert Queries to get instant alerts if any critical event occurs in the File Server. After you have created an Alert Query, you need to configure Message Settings to deliver these alerts to intended recipients. Here we will create an alert query of WINWORD.exe process.

To create an Alert Query:

A. Navigate to the Alert Queries in the left pane.

B. On the Alert Queries page, click on the Add Query button.

C. Add Query window appears.

D. Enter Query Name, Subject and Description.

E. Click on the Create Query button. Create Query window appears.

F. In the Select Object Name section, there are four options: File Mask, Process Name, Path Name and Event Name. In this case we select Process Name as we are creating an alert for the process.

G. In the Select Object Operator field, you can choose between “Equals To” and

“Contains” conditions. Here we are selecting “Equals To”.

H. In the Enter Object Value field enter WINWORD.exe (since we are creating an alert for MS Word). Click OK.

I. In this case recipients will receive alerts for all events associated with Microsoft Word. If you want to receive alerts only for specific events of MS Word, you need to specify more specific criteria.

J. For that, select AND operator in the left-most field of the Create Query header.

K. Click on the Create Query button. Create Query windows appears.

L. Select Event Name option in the Select Object Name section.

M. In the Select Object Operator, select Equals To and in Enter Object Value select “File- Delete)”. Click Ok.

Similarly, you can add other events as well. You need to use OR operator before creating each criteria if you want to receive alerts for any of the security events.

Each criteria needs to be enclosed in brackets and separated by AND/OR operators.

In our case, the full query would look as shown in the figure below.

Symbols and their meanings:

“+(“ = Add bracket at the beginning of a criteria.

“+)” = Add bracket at the end of a criteria.

“-(“ = Remove a bracket from the beginning of a criteria.

“-)” = Remove a bracket from the end of criteria.

N. Click on OK to close the window.

O. Newly added Query appears in the list.

P. “Update agent on all file servers to apply new settings” strip appear on the top, click over it.

Q. Update Agent window appears. Select the File Servers and click on Next and OK.

9. Message Settings

In this section, you can configure message settings to send real-time alerts in case any critical event occurs in the File Server. You can include the message recipients while creating audit rules or while modifying an audit rule. You first need to create Alert Queries before you can associate message settings with audit rules.

There are three options to choose from:

9.1 Email Recipient 9.2 Network Recipient 9.3 SMS Recipient

9.1 Email Recipient

First you need to configure an email server in the application and add then add recipients for receiving email alerts.

To configure Email Settings:

A. Select Message Settings from the left pane.

B. Email Recipient is the default selected tab in the in the right pane.

C. Click on the Server Settings option ( ).

D. Message Server setting window appears.

E. Enter SMTP Server name/IP and Port number (which is 25 for most email servers). Select if SMTP Server requires authentication and provide User Name and Password. Enter senders’ Email address and Subject line in the given field. Click on the OK button.



Enabling SSL (Secure Sockets Layer) depends on your email server settings.

Select SSL checkbox if it is enabled on the email Server; keep it unselected if it is not enabled on the email Server.

To add Email Recipient:

A. On the Email Recipient tab, click on the Add Email Recipient button ( ).

B. Add Email Recipient window appears.

C. Enter Recipient Name, Description and Email Account. Click on the Ok.

D. Newly added recipient appears on the recipient’s list.

E. “Update agent on all file servers to apply new settings” strip appears on top of the page.

Click over it.

F. Update Agent window appears. Select the File Servers and click on Next and OK to update agents.

9.2 Network Recipient

You can use this method of delivery if intended recipient lies within the organizational network.

To add Network Recipient:

A. Select the Network Recipient tab.

B. Click on the Add Network Recipient button ( ).

C. Add Network Recipient window appears. Enter Recipient Name and Description.

D. Enter Server Name/IP or User Name in the last field. Click on OK.

F. “Update agent on all file servers to apply new settings” strip appear on the top, click over it.

G. Update Agent window appears. Select the File Servers and click on Next and OK.

9.3 SMS Recipient

You can also use mobile number to deliver alerts via SMS. For that, you first need to do Modem Settings and then Add SMS Recipients.

To add Modem Setting:

A. Click on the Modem Settings button ( ).

B. Modem Settings window appears. Enter the values in the given fields. You can also send a Test SMS by entering a mobile number. Click on OK to close the window.

To add SMS Recipient:

A. Click on Add SMS Recipient button ( ). Add SMS Recipient window appears.

B. Enter Recipient Name, Description, and Mobile Number. Click on OK.

C. “Update agent on all file servers to apply new settings” strip appear on the top, click over it.

D. Update Agent window appears. Select the File Servers and click on Next and OK.

Applying Message Settings in Audit Rule

Once Message Settings have been configured, you need to add them in an Audit Rule to implement the settings and then only alerts will be received as per the set Alert Query.

For this, follow the below mentioned steps:

i. On the Audit Rule page, select an existing rule over which you wish to receive alerts.

ii. Click the modify button. Modify Rule page opens up.

iii. Select the ‘Send Alert’ checkbox.

iv. Select an Alert Query from the dropdown list.

v. Now click on the appropriate alert mode and click ‘Add Recipient’.

vi. Select the recipient to whom you wish to send instant alerts.

vii. Click OK to finish the process.

10. Viewing Reports

Once all the settings have been performed and auditing has been stated, you can go to the Report panel to view the reports for any changes within the audited parameters. You need to configure the database which was used while adding the File Server to start getting reports.

To view Reports:

A. Click on the Report Console from the toolbar.

B. The Report Console opens up in the background and in the front Configure Database window appears.



Configure Database window appears only when you open the Report Console for the first time. However, if you select "Show at Startup" checkbox, it will appear every time you open the console.

C. Select the SQL Server that you used while adding the respective file server from the dropdown. Provide authentication details.

D. Select the database which you have created while adding the File Server.



You can use multiple SQL Servers or different databases from the same SQL Server for each file server that you want to audit. However, to view reports of any File Server, you need to configure database as per the selected server and database while adding it.

E. Click OK.

F. Now click on the Refresh button from the toolbar of the Report Console.

G. The report is generated and displayed on the right pane. All the filtering options are displayed on top of the reporting grid. The software by default shows the All Changes report. To view any specific report, just click on that report from the left pane.

10.1 Troubleshooting

If you cannot view reports after doing the required configurations, try the following:

1.

Check if Agent on File Server is properly installed or not. Check the Agent Status on the Home Screen of the software.

2.

If the Agent is properly installed, check the Rule and Policy if they have been properly applied or not. Check Rule Name (box should be filled), Rule Status (it should be enabled) and Assigned Policies (Policy name should be displayed) under File Server on the left pane.

3.

It is advised to use SQL authentication even if SQL Server is installed on the local system. If you cannot use SQL authentication for any reason and using Windows authentication, try the following:

i. Run ‘services.msc’ in the RUN command on system where software is installed.

ii. Double-click Lepide FSA Service.

iii. Go to Log On tab, select “This Account" and browse User name by which you have logged in to the system and provide the password in the given field. In case the User Name is already selected, re-enter the password in the given field.

iv. After that, click Apply and OK.

v. Again, right-click on the Lepide FSA Service and select Restart from the displayed options.

If you still face any issues with the software, you can check the software FAQs, refer to the software help file or contact support anytime.

11. Data Archiving

With LepideAuditor for File Server, you can archive all old data and keep them safe for future references. You can import them later anytime as logs will be safe and secure forever. Archived data is saved in SQL servers for long term storage. Let’s see how to archive old data and import them again for future use.

11.1 Archive Data

In order to archive data, follow the below mentioned steps:

1. In the Reports Console, go to the Menu Bar and click on the Tools option.

2. Click ‘Archive Data’ and the Archive Data window will open up.

3. You can Archive Data instantly as well as create schedule for periodic Archiving of Audit data. Check the appropriate checkboxes.

b. Choose from Daily, Weekly, Monthly and One Time only options to state the schedule interval.

c. Provide the schedule running time accordingly.

4. Now provide account details to allow access to the software to run schedule. Provide administrative account name and password.

5. Next, you need to provide the time frame after which data will be moved and stored in the Archive Database.

The remaining part is to provide SQL Server details which will be used to store archive data.

6. Select SQL Server Name. You can choose the same SQL Server where all report data is stored or select any other server within the network.

7. Provide authentication to logon to the server.

a. Use Windows Authentication for local server

b. Use SQL Authentication for network servers. Provide username and password in this case.

8. Now select the database which will be used to store data.

9. Click ‘Ok’.

Now, as per provided details, all old data will be automatically archived.

11.2 Import Data

In order to archive data, follow the below mentioned steps:

1. In the Reports Console, go to the Menu Bar and click on the Tools option.

2. Click ‘Import Data’ and the Import Data window will open up.

3. Now select the Server Name. Select the same server which was used to Archive Data

4. Provide authentication to logon to the server.

a. Use Windows Authentication for local server

b. Use SQL Authentication for network servers. Provide username and password in this case.

5. Now, select the same database where data was archived.

6. Next, select the data import date range. Choose start date and end date.

7. Click ‘Import’.

Thus, you can view reports for the previously archived data within the selected date range.

12. Conclusion

Thus, LepideAuditor for File Server can be easily configured and used to audit network wide File Servers from a central location.

This was an overview regarding the configuration part for first time usage. To know how to work with the software in detail and other options, please refer to the software manual.

To read more about the software visit: http://www.lepide.com/file-server-audit/

For software related queries, you can contact us at:

Helpline: +1-800-814-0578

For support or any other queries, drop a mail at:

For General Queries: [email protected]

For Sales: [email protected]

For Technical Support: [email protected]