File Share Monitoring Software | NetFort Technologies

By: Netfort Technologies  05/12/2011
Keywords: Network Management, Network Manager, File Share

File share auditing

LANGuardian tells you exactly what is happening on your Windows infrastructure. It monitors and records every access to your Windows file shares, recording details of user name, client application, server name, event type, file name, and data volume. LANGuardian stores this information in its database, and uses it as the basis for a wide range of reports that you can access via the browser- based user interface.

With the unique level of insight it offers into activity on a Windows network, LANGuardian will quickly become an indispensable part of your network management and system administration toolkit. You can apply it to a wide range of troubleshooting and monitoring tasks, for example:

  • Finding out what files have been deleted from a file share and who deleted them.
  • Identifying the users that have accessed a specific file or file share over a specific time period.
  • Counting how many files of a given type are shared on the network.

File share auditing in action

The following are some examples of how customers have used LANGuardian to address file share issues on their networks:

  • After a leak of sensitive information about an upcoming product, an engineering manager in a design company requested a list of all users who had accessed the product specfication document in the previous month. The IT department used LANGuardian to create a report, from which the manager was able to determine that the specification had been read by a former team member whose access to the file share had not been removed.
  • Following a request by a distric office for a costly WAN link upgrade to address complaints by remote users about network performance, the network manager in a local authority used LANGuardian to generate a report of the users at that location who were consuming the most bandwidth. By drilling down through the report, he was able to determine that some users were repeatedly opening and saving large documents from a file share. The problem was solved by educating the users to download their documents, work on them locally, and save them back to the file share at the end of the day.
  • As part of a data protection in the Human Resources department, a manager asked for a report that identified all users who had accessed the HR shared folder during the past year. The report showed that no unauthorised users had accessed the folder, enabling the department to demonstrate compliance with the company's data protection policy.
  • A network manager in a university became concerned that users on the network might have been sharing music files on the university network, infringing copyright and exposing the university to the threat of litigation. By generating a report by file name and using wildcards for common audio file formats such as MP3, WMA and AAC, the network manager was able to identify a number of file shares containing music files and to ask the owners to remove the files from the network.
  • An IT manager happened to notice from the LANGuardian dashboard that a specific IP address was consuming a lot of bandwidth. On drilling down through the reports to find the user involved and the file shares being accessed, it emerged that the user was leaving the company on that day and was downloading confidential financial and marketing material to her laptop to copy onto a memory stick and take with her when she left.

How it works

At a technical level, LANGuardian works by analyzing network traffic that uses the Microsoft Server Message Block (SMB), a network file-sharing protocol that facilitates sharing of data between clients and servers. SMB is primarily a Windows-based protocol, but a number of third-party products exist to make it available on other platforms including OpenVMS, HP-UX, Solaris, Novell Netware and Linux. The open-source implementation, Samba, is the most widely used. LANGuardian can monitor file share activity on any platform that implements the SMB protocol.

Keywords: Drilling Down, File Share, It Monitors, Network Management, Network Manager,

Contact Netfort Technologies


Print this page


Other products and services from Netfort Technologies


Network Bandwidth Monitoring Solutions | NetFort Technologies

LANGuardian monitors your bandwidth usage in the same unobtrusive way it monitors other aspects of network and user activity – it gathers information by analyzing the traffic flowing through your network, so there are no clients or agents to install, and there is no performance impact.


Network Compliance Monitoring | NetFort Technologies

From internal policies to local laws and global industry standards, there are demands not only to comply, but also to demonstrate compliance, with an increasingly demanding regulatory environment. LANGuardian provides drilldown and reporting features that you can use to meet day-to-day compliance requirements, and it provides an independent and secure audit trail that cannot be modified.


Copyright Infringement Software | NetFort Technologies

Monitoring traffic on default peer-to-peer ports such as 6346 (LimeWire TCP), 6347 (LimeWire UDP), 4662, 4672, 6881 (BitTorrent TCP) and 6889. Custom reports showing the presence of music and video files on the network. Reports showing downloads from known file-sharing sites such as Rapidshare.


Database Audit Software | NetFort Technologies

It works by monitoring the network traffic that passes through the SPAN or NetFlow port on your core network switch, using deep packet inspection techniques to analyze the traffic and identify the SQL statements that users and applications are transmitting over network.


Network Intrusion Detection Software | NetFort Technologies

When the IDS detects an event that matches a signature, it stores the details in the LANGuardian database, including the source and destination IP addresses, the rule that triggered the event, and event-specific information. Combined, the information stored in the database by the traffic analysis engine and the IDS provide a detailed snapshot of network activity, with efficient storage and no performance impact.