I have an application server running which, unfortunately, runs a fairly insecure enterprise application. Someone (probably on the inside) has compromised shares on this box. Due to the architecture, I can't lock it down without rendering something very important to our organization useless (and probably losing my job). I have been doing all kinds of logging, but I can't seem to extrapolate a hostname or IP address from the event logs due to the way this person is breaking in. Does anyone know of any additional tools I could use to monitor EVERY IP or hostname accessing this box? I'm looking for something lightweight, because I doubt they would allow me to install Snort or something of the like. Thanks