Hi Bruce, I am a little confused. You say:
So the default method is using event log comparison. Then you say:
The "File or folder Created" report is based on comparing snapshots between two schedules. ADAudit Plus runs a periodic scheduler named "File Creation Audit Scheduler" by default at 3 AM every day. The comparison between the latest data received from the present schedule and the snapshot of the previous day's schedule (time-stamped event log data) provides data on the New Files Created for that day.
So in the alternative method, is it doing the file creation reporting in real-time?
We've managed to work on a correlation which helps in parsing security logs to deliver the same information. So the other method works based on security log events.
PS: I wonder, have dev ever considered leveraging NTFS change journal or file screening in OnTap to do the same?