Splunk should be able to provide the data in whatever format you desire, including exporting to csv if Excel is your thing. If you'll be searching, the web interface is I'd say 95% accessible. There is also a command-line interface and REST API. If you'll be administering, everything is ini-style configuration files at the core, so things are good from that standpoint. Interfaces are similar; web for many things, command-line for some, API, or config file editing. I'm in the midst of working with a small team to implement Splunk in a distributed environment. Let me know if you have any questions. Chris On Fri, Apr 22, 2016 at 02:46:42PM +0000, Ryan Shugart wrote:

Currently, we're using a tool from Dell, formerly Quest Software, called Change Auditor that captures this info quite well. We have an older version with some accessibility issues, but those are supposed to be better. We're moving off Change Auditor to a new tool called Splunk that I'm told is the bees knees in terms of log analisys and auditing. I haven't seen it yet though. Ryan

-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Troy Hergert Sent: Thursday, April 21, 2016 10:55 AM To: Blind system administrators Subject: [Blind-sysadmins] Active Directory auditing

Does anyone know of a tool, native to Server 2012 or third party that would allow me to generate a basic logon/logoff report by user? My organization isn't really having any issue since we are very flexable with people using VPN connections and working from home. HIPAA compliance requires that we at least be able to pull a report when necessary. Any recommended tools out there? Thanks. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

Thank you for all the suggestions. You've all lead me on to some good research. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Chris Nestrud Sent: Friday, April 22, 2016 11:30 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Active Directory auditing Splunk should be able to provide the data in whatever format you desire, including exporting to csv if Excel is your thing. If you'll be searching, the web interface is I'd say 95% accessible. There is also a command-line interface and REST API. If you'll be administering, everything is ini-style configuration files at the core, so things are good from that standpoint. Interfaces are similar; web for many things, command-line for some, API, or config file editing. I'm in the midst of working with a small team to implement Splunk in a distributed environment. Let me know if you have any questions. Chris On Fri, Apr 22, 2016 at 02:46:42PM +0000, Ryan Shugart wrote:

Currently, we're using a tool from Dell, formerly Quest Software, called Change Auditor that captures this info quite well. We have an older version with some accessibility issues, but those are supposed to be better. We're moving off Change Auditor to a new tool called Splunk that I'm told is the bees knees in terms of log analisys and auditing. I haven't seen it yet though. Ryan

-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Troy Hergert Sent: Thursday, April 21, 2016 10:55 AM To: Blind system administrators Subject: [Blind-sysadmins] Active Directory auditing

Does anyone know of a tool, native to Server 2012 or third party that would allow me to generate a basic logon/logoff report by user? My organization isn't really having any issue since we are very flexable with people using VPN connections and working from home. HIPAA compliance requires that we at least be able to pull a report when necessary. Any recommended tools out there? Thanks. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

I wanted to thank everyone again for their suggestions of third party software for active directory auditing. Because our needs are very simple I was able to find ways to pull the information I needed directly out of the server event viewer. Just wanted to give you a summary of what I did. Print jobs: I found the print server job log by drilling down deep into the applications and services group. This was not enabled by default, so I enabled it and was able to filter the log file by the ID number of a successful print job. I was then able to save the filtered log file into a csv file. This enabled me to see which users have sent jobs to which printers. User logons: this was a bit more challenging I did some searching on this topic and found that I needed to paste in some xml code to filter the log file by a specific users logon events. This was a bit more challenging but it works. If anyone else would like to know how all this worked for me, feel free to Email me. Thanks again.

You're absolutely right. I have a 50-person non-profit agency where 1 domain controller is more than enough, especially with so many of our key systems being cloud-based now. You definitely need something that can manage the logs from multiple controlers. -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart Sent: Tuesday, April 26, 2016 7:04 PM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Active Directory auditing Troy: Out of curiosity, how many domain controllers do you have in your environment? Logon events are housed on each domain controller, so you had to have made this change on each DC in your environment. If you have only one or two that’s not a big deal, my environment has 40 around the world so not sure that solution would work in that case unless its a file that can be easily copied across and maintained. Ryan -----Original Message----- From: Blind-sysadmins on behalf of Troy Hergert Reply-To: Blind sysadmins list Date: Tuesday, April 26, 2016 at 10:30 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Active Directory auditing

I wanted to thank everyone again for their suggestions of third party software for active directory auditing. Because our needs are very simple I was able to find ways to pull the information I needed directly out of the server event viewer. Just wanted to give you a summary of what I did.

Print jobs: I found the print server job log by drilling down deep into the applications and services group. This was not enabled by default, so I enabled it and was able to filter the log file by the ID number of a successful print job. I was then able to save the filtered log file into a csv file. This enabled me to see which users have sent jobs to which printers.

User logons: this was a bit more challenging I did some searching on this topic and found that I needed to paste in some xml code to filter the log file by a specific users logon events. This was a bit more challenging but it works. If anyone else would like to know how all this worked for me, feel free to Email me. Thanks again.

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins