How to check file access from users


Uğur Aygün

Nov 29, 2022, 1:55:41 AM
to Wazuh mailing list
Hi all

I want to check file access from users. I mean when they accessed a file and if they delete or change it, etc.

I want to see their actions on my fileserver, not on their local computers, by the way.

How can I write it to the ossec.conf? Or do I need to do anything?

Thanks for your answers.

Aditya Sharma

Nov 29, 2022, 2:09:31 AM
to Wazuh mailing list
Hi Ugur, hope you are doing well!

As you want to see the File Integrity Monitoring on your servers, you just need to follow the documentation below to achieve this: https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/how-it-works.html & https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/fim-configuration.html#fim-examples

Remember, to see the exact user, you need to enable whodata on the servers/agents, and to enable whodata, you need to start the auditd service on the agent itself.

I hope this helps you. Don't hesitate to ask your questions/concerns.

Regards
Aditya Sharma
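
An ossec.conf sketch of the whodata setup described in the reply above, added here as an example and not part of the original thread. The `/srv/share/...` paths are hypothetical, and a Linux agent installed on the host that stores the files is assumed.

```xml
<!-- Agent-side ossec.conf (example; all paths below are hypothetical). -->
<syscheck>
  <disabled>no</disabled>

  <!-- Scheduled scan only: reports that a file was added, modified or
       deleted, but carries no information about who did it. -->
  <directories check_all="yes">/srv/share/archive</directories>

  <!-- Real-time: the change is reported as it happens, still without
       the user. -->
  <directories check_all="yes" realtime="yes">/srv/share/public</directories>

  <!-- Who-data: the alert also carries the user and process taken from
       the audit subsystem, so auditd must be running on this agent.
       report_changes additionally stores a diff of text files. -->
  <directories check_all="yes" whodata="yes" report_changes="yes">/srv/share/finance</directories>

  <!-- Keep content diffs out of alerts for files that may hold secrets. -->
  <nodiff>/srv/share/finance/payroll.key</nodiff>
</syscheck>
```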

Uğur Aygün

Nov 29, 2022, 2:17:09 AM
to Wazuh mailing list
Thank you Aditya for your fast answer, and I hope you are also good.

I just want to know one thing:

My fileserver is actually not a server at all; it is more like a disk where users will see data, so I cannot set up any agent on my fileserver side.

Is it still possible to see logs of which user changed which file using the methods you mentioned above?

Thank you again, and sorry for my ignorance, because I am very new to Wazuh.

On Tuesday, November 29, 2022 at 10:09:31 UTC+3, aditya...@wazuh.com wrote:

Aditya Sharma

Dec 2, 2022, 4:24:29 AM
to Wazuh mailing list
Hi Ugur, Sorry for the late response!

Can you please explain a little bit more about what exactly you are trying to achieve here?

Regards
Aditya Sharma