Audit Policy (security logs)



Hey guys, I'm trying to implement audit policy in our network and I'm trying to
test it. I set up a certain folder to be audited and I tried to create a file,
delete a file, move a file, and check the security log events. There are a
lot of security logs about the activity that I did, but there are so many of
them. My problem now is: how can I differentiate and determine which log says
that this file has been moved to here, this file has been deleted,
or this file has been created?

Hope you can help, guys :)
