https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76036#M15526 <P>What kind of file server are we talking about?<BR /> Windows, Linux or something else? It has to be in the logs for splunk to pick it up, so you need to have an audit somewhere.</P> Wed, 27 Mar 2013 17:27:29 GMT krugger 2013-03-27T17:27:29Z https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76035#M15525 <P>Hi,</P> <P>I should known, with Splunk, who had access to a specific directory in our fileserver.</P> <P>Questions:<BR /> - what should be the query?<BR /> - before those query should I able the audit control in those specific folder directory?</P> <P>Thanks,<BR /> AM</P> Wed, 27 Mar 2013 14:22:07 GMT https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76035#M15525 AlessandroMagno 2013-03-27T14:22:07Z https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76036#M15526 <P>What kind of file server are we talking about?<BR /> Windows, Linux or something else? It has to be in the logs for splunk to pick it up, so you need to have an audit somewhere.</P> Wed, 27 Mar 2013 17:27:29 GMT https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76036#M15526 krugger 2013-03-27T17:27:29Z https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76037#M15527 <P>Hi krugger,</P> <P>our fileserver is Windows 2003.<BR /> Audit are actived, maybe I should check the Splunk Forwarder into our fileserver.</P> <P>Thanks!</P> Thu, 28 Mar 2013 13:33:15 GMT https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76037#M15527 AlessandroMagno 2013-03-28T13:33:15Z https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76038#M15528 <P>Are trying to get ACLs for each folder on our file server or do you want to track changes to specific folder? I am assuming this is windows server or workstation.</P> Thu, 28 Mar 2013 16:51:58 GMT https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76038#M15528 bmacias84 2013-03-28T16:51:58Z https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76039#M15529 <P>In windows, you need to turn object auditing for the folder you are monitoring. Windows will then log events in the windows security log. Assuming you are splunking this, you can start searching for events.</P> Thu, 28 Mar 2013 16:58:51 GMT https://community.splunk.com/t5/Getting-Data-In/who-had-access-to-a-specific-directory/m-p/76039#M15529 BobM 2013-03-28T16:58:51Z