Hello, do you know of an application or script that could be used to track all data from Windows events? I mean a similar solution, commercial or free, like Sysinternals Process Monitor, that might be used for:
- tracking changes in the registry (created, modified, deleted, read keys / values)
- tracking changes to the file system (create, modify, delete, read files)
- tracking network activities by all processes
- logging shell commands (parameters of cmd, powershell, wscript...)
- logging process creation
- management from the command line
- exporting all activity logs to an XML / CSV file
You might find this one useful, Log-MD: https://www.imfsecurity.com/why-log-md/ Then, of course, there is Sysinternals' Sysmon: https://technet.microsoft.com/en-us/sysinternals/sysmon
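As an added illustration (not code from this thread, nor from the Sysmon or Log-MD authors), the following PowerShell script shows how Sysmon covers most of the list in the question from the command line: it writes a minimal configuration that records process creation with full command lines, network connections, file creation and registry changes, loads it with sysmon64.exe, and then exports the resulting events from the event log to CSV. It assumes an elevated session and that sysmon64.exe is on the PATH; the configuration is my own minimal one, not a recommended production filter. Two caveats a practitioner should know: Sysmon has no event for read access to files or registry keys, so that part of the requirement is not met, and an unfiltered configuration like this one produces the log volume Brummelchen warns about further down the thread, so real deployments add exclusions for noisy, trusted processes.

```powershell
# Added example, not part of the original thread. Assumes an elevated
# PowerShell session and that sysmon64.exe is on the PATH (assumption).
$configPath = Join-Path $env:TEMP 'sysmon-minimal.xml'

# An empty "exclude" filter records every event of that class. Event IDs:
#   1  ProcessCreate   (Image, CommandLine, ParentCommandLine, User)
#   3  NetworkConnect  (DestinationIp, DestinationPort)
#   11 FileCreate      (TargetFilename)
#   12/13/14 RegistryEvent (key create/delete, value set, rename; TargetObject)
# Sysmon does not log read access to files or registry keys.
@'
<Sysmon schemaversion="4.22">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude" />
      <NetworkConnect onmatch="exclude" />
      <FileCreate onmatch="exclude" />
      <RegistryEvent onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $configPath -Encoding ASCII

# First run installs the driver and service; later runs only swap the config.
# The service is named Sysmon64 when installed from sysmon64.exe.
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    & sysmon64.exe -c $configPath
} else {
    & sysmon64.exe -accepteula -i $configPath
}

# Read the last hour of Sysmon events from its dedicated operational log.
$since  = (Get-Date).AddHours(-1)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1, 3, 11, 12, 13, 14
    StartTime = $since
} -ErrorAction SilentlyContinue

# Flatten each event's EventData into one row with the fields that matter
# for a change log: who ran what, and which file / key / host it touched.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # The "target" column depends on the event class.
    if     ($data['TargetObject'])   { $target = $data['TargetObject'] }
    elseif ($data['TargetFilename']) { $target = $data['TargetFilename'] }
    elseif ($data['DestinationIp'])  { $target = '{0}:{1}' -f $data['DestinationIp'], $data['DestinationPort'] }
    else                             { $target = '' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        EventId     = $e.Id
        User        = $data['User']
        Image       = $data['Image']
        CommandLine = $data['CommandLine']
        Target      = $target
    }
}

# CSV export, as asked for in the question; change the path as needed.
$rows | Export-Csv -Path (Join-Path $env:TEMP 'sysmon-events.csv') -NoTypeInformation
```

The same `Get-WinEvent` and XML flattening works unchanged for events forwarded to a central collector, which is how the per-host log volume is usually kept manageable; the filtering decisions (which processes, paths and keys to exclude) belong in the Sysmon configuration rather than in the export step, so that the disk and event-log cost is avoided at the source.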
@Lockdown Log-MD looks powerful. I will contact the authors and ask them whether their software is sufficient for my requirements.
The Log-MD publisher is a Windows logging expert, so if anyone can point you to a product that will meet or exceed your needs, it is him.
@Lockdown Do you know of any other solutions? Log-MD seems to have a bug and it doesn't work properly on my test computer.
Is there any reason for you to track all actions on the system, tracking users in particular? Be aware that your logs will grow to gigabytes or terabytes. If you want to track users you need to modify their contracts, otherwise no legal action is possible.
Sorry @adrian_sc, I do not know of anything else. Maybe there is a similar product out there, but I have yet to find it. I have searched many times in the past for a really good log utility, but never could find anything worthwhile other than Log-MD.
Non-serious reason. I need to log the changes made by malware. The additional advantages include handling of whitelists of processes / paths / registry keys, etc. Log-MD has all of this, but I have not been able to start it yet. I contacted the author and now we're on the right track to resolving my issue. Besides, the software / script must support command-line management and export logs to CSV / XML / TXT. All similar programs that are based only on a GUI are not suitable for my requirements. Sysinternals Process Monitor would be enough, but it is not suitable for commercial use.
I hope the Log-MD author can fix it for you. I could not find another system logging utility that combines everything into it the way Log-MD does.
@Brummelchen @Lockdown Log-MD Professional is great and contains all the features I need. Thanks a lot.
In fact, we have been working on that since January 2017, so at this point everything in the back-end is almost done. If everything goes according to plan, the first official test will be in October and the first comparative results will be published in November. But more details can be given via @.