@richc
-
Rich Cocksedge replied to the topic Office 365 Reporting to Compare Against Firewall Report in IT Administration Forum 2 years, 8 months ago
Right – I looked at the usage reports but as I mentioned in the OP it did not give me Data totals but rather item totals. The FW reports provide me with Data totals so I am simply trying to line them up.
-
Rich Cocksedge replied to the topic Best network monitoring tool? in IT Administration Forum 2 years, 8 months ago
I have used in the past:
1. Zabbix
2. Icinga
3. Nagios Core
It really does depend on what you’re truly looking to do. In addition how much work do you want to put into the initial setup. I also am making some assumptions that you’re wanting to setup some form of thresholds for alerts.
-
Rich Cocksedge started the topic Office 365 Reporting to Compare Against Firewall Report in IT Administration Forum 2 years, 8 months ago
Hello All,
In recent months we have noticed a specific user with abnormally high traffic on the firewall. When we dug into it more it was determined that the traffic was being sent to Office 365 (a valid business tool for us). What I’d like to do and for some bizarre reason cannot find out where I can do it is pull a user specific report in O365 for a month and get a listing of the items broken down by product (Exchange, OneDrive, Etc.) and the data total (in GB) which make/made up this data transfer total. There are a few reports within the admin console area but none which allow for data totals only object counts etc.
I cannot be the only person who could be trying to do this….lol
I appreciate any help anyone here has for me.
Rich
-
Rich Cocksedge started the topic Using Logs to Determine File Copies in IT Administration Forum 3 years, 9 months ago
Hello,
I have been delving into the windows logs and while there are many options I have not been able to find a unique log ID to determine a session for a file copy in the Windows logs.
The Scenario:
I am trying to find a way of grouping sessions and files copied in my File Servers logs to better determine potentially malicious transfers.
What I have so far:
The only log entry which I can find with regularity during this copy process in my testing is ID: 4663, This seemingly appears when each folder is accessed for files being copied. What I do NOT see anywhere in the log entries is a common thread between these two entries aside from the authenticated user who is copying the files.
Questions:
- Does anyone know where or if there is a log entry which would flag (ideally prior to transfer) the size of the potential transfer and a unique session ID?
- Does anyone know of a field in the server logs which I can use during a transfer to connect or link entries together?
Finding these logs and transfers has not been an issue for me it is building the connections between them which I cannot seem to find. I appreciate any guidance or pointing in the right direction.
Rich
-
Hello,
First off this is a great article and thank you for posting it. I do have a question though and frankly I cannot find the answer in the article here. If I were to want to redirect the desktop folder in a controlled way for a selected group of people there appears to be a means of doing so via the following options:
User Configuration->Windows Settings->Folder Redirection-> Desktop
In here when you edit properties there are two tabs:
Target & Settings.
In the Target tab there is a drop down for Setting: Basic (apply to all) and Advanced (specify locations…).
When Advanced is selected (which I’d assume I’d need to do). I then select a specific AD Sec Group and click apply.
Now the question:
Is this the correct steps to target this GPO for a folder re-direction?
(Knowing that I have left out the Environmental Variable part)
If so then why is it that when I preview the GPO it shows as setting level basic instead of advanced?
-
