

Who's Doing What On My Network?


#1 TheSentinel


    The man in the dark

  • General Admin
  • 30,402 posts

Posted 15 October 2011 - 12:50 PM

Oct 14, 2011 11:46 pm
Who's Doing What On My Network?

By Darragh Delaney, Computerworld

I was away for a few days this week on customer sites and a common question that came up was around finding out what a particular individual was doing on the network. In some cases the query was around web usage and in others the query was associated with bandwidth usage.

There are many sources of user data on networks; the main ones for me are:

  • Server and application log files
  • Network traffic
  • Profile information on computers and laptops
  • Network switches

These data sources are only useful if you have logging enabled. The most important one is that you capture and store where users are logging on to your network. If you use Microsoft Active Directory, then this information will be stored on your domain controllers once you have logon auditing enabled. I recommend that you capture these log files on a regular basis and store them on a single system. The main information you need from these logs is usernames, time of logons and the IP addresses of client systems. The IP address information is needed, as other systems on your network may not log usernames and use IP addresses instead.

Once you have a record of all logons onto your network you should then look at capturing application logs and data. For most networks, monitoring file shares, network traffic, databases and Internet usage is sufficient for user monitoring. If you are focusing on data compliance standards you will need to check if you need to monitor other data sources.

More detailed information about that at:
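
The correlation the article describes, as an added example that is not part of the original article or post: logon records (username, time, client IP) are used to put a username on proxy log entries that record only an IP address, and bandwidth is then totalled per user. The CSV layouts, sample rows, function names and the 12-hour staleness window are all assumptions made for illustration.

```python
import bisect
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (assumed CSV layout, not a real export format).
LOGONS_CSV = """time,user,ip
2011-10-14T08:58:00,alice,10.0.0.21
2011-10-14T09:05:00,bob,10.0.0.22
2011-10-14T13:10:00,carol,10.0.0.21
"""
# Constructed proxy log: records only the client IP, no username.
PROXY_CSV = """time,ip,bytes,host
2011-10-14T09:30:00,10.0.0.21,52000,example.com
2011-10-14T09:45:00,10.0.0.22,910000000,downloads.example.net
2011-10-14T13:30:00,10.0.0.21,4000,example.org
2011-10-14T08:00:00,10.0.0.22,1200,example.com
2011-10-15T09:00:00,10.0.0.22,700,example.com
"""
MAX_LOGON_AGE = timedelta(hours=12)  # assumption: older logons are stale

def load_logons(text):
    """Index logons by IP as time-sorted (time, user) lists."""
    by_ip = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        by_ip[row["ip"]].append((datetime.fromisoformat(row["time"]), row["user"]))
    for events in by_ip.values():
        events.sort()
    return by_ip

def user_at(by_ip, ip, when):
    """Return the user whose latest logon from ip precedes `when`, else None."""
    events = by_ip.get(ip, [])
    i = bisect.bisect_right(events, (when, chr(0x10FFFF))) - 1
    if i < 0 or when - events[i][0] > MAX_LOGON_AGE:
        return None
    return events[i][1]

def bytes_per_user(by_ip, proxy_text):
    """Sum proxy bytes per attributed user; unattributed traffic goes to None."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(proxy_text)):
        user = user_at(by_ip, row["ip"], datetime.fromisoformat(row["time"]))
        totals[user] += int(row["bytes"])
    return dict(totals)

if __name__ == "__main__":
    print(bytes_per_user(load_logons(LOGONS_CSV), PROXY_CSV))
```

Traffic that falls before any logon from that IP, or long after the last one, is left unattributed rather than assigned to whoever last used the address, since client IP addresses get reused.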