Application logging

B

BingBangBop

Storage is cool
Joined
Nov 15, 2009
Messages
667
Is there an inexpensive Windows application in the form of a service that will timestamp to a text file when every new application starts and stops running, the pathname of the executable and the username who initiated the program? I do not want it at the process or thread level (too much detail) but just at the actual application level. The name and location of the text file needs to be configurable to a networked fileshare location.

Seems to me this would be a very basic security logging capability that should be built into Windows but as far as I can tell isn't.
 
Mercutio

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
I've found that they can be PAINFUL to implement. They're very intrusive on business machines and you'll really have to work with the vendor if you go that route.
 
Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
This product you seek would need to contain some kind of look-up table to associate a process to an application because that is of course what the application is (a basic running process or processes). I understand you do not want process level, so that's why a conversion would be required.

I don't know if you're the kind to roll your own software, but there is a basic framework here that may cover some of what you're looking for through the use of WMI events. A reference database (look-up) would need to be added to convert the process name to an easy to read application name. There may be some creative ways to poll online spyware websites to do this conversion for you. Logging the events to the format you requested sounds very doable. The user interface could give you a way to register an application name to a process or set of processes and for the ones which start/stop without a known application name, it could prompt you for interaction. Just some ideas...
 
You must log in or register to reply here.
Top