Re: Auditing Clear All Events in the Event Viewer
From: Eric Fitzgerald [MSFT] (ericf_at_online.microsoft.com)
Date: 06/28/03
- Next message: Tony: "Re: Access problem"
- Previous message: Al Yankovich: "Re: Mysterious login failures"
- In reply to: Linda: "Auditing Clear All Events in the Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Jun 2003 18:33:58 -0700
No, this feature is specific to the security log.
You can accomplish something similar by auditing for deletes in the
directory:
%windir%\system32\config
In this case, event 560 would be logged in the security log whenver a log
was cleared. However it's not nearly as clear and more work to find.
Info on how to set up file auditing is in the help and in the Knowledge
Base.
Sorry Linda,
Eric
"Linda" <lindapens@earthlink.net> wrote in message
news:0d6501c33670$7a34e5f0$a601280a@phx.gbl...
> I'm looking for information about auditing clear all
> events when this is done on the application log. When I
> clear all events on the security log the event is audited
> and becomes the first event in the security log after it
> is cleared. I would also like to do this for the
> Application log. Is this possible and if so how? Thanks
- Next message: Tony: "Re: Access problem"
- Previous message: Al Yankovich: "Re: Mysterious login failures"
- In reply to: Linda: "Auditing Clear All Events in the Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
