Re: Security Event Log Empty
From: Lesley Kipling [MSFT] (leskip_at_online.microsoft.com)
Date: 02/28/05
- Next message: William Dicks: "Smart Card Base Components problem on XP"
- Previous message: Raoul Molenkamp: "Full control HKCR no explorer anymore"
- In reply to: Treeman: "Security Event Log Empty"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Feb 2005 13:29:34 -0000
Hi.
Well this depends entirely on what you are trying to achieve.
Take a look at the following link - this will help you decide your audit
strategy. Auditing comes at an overhead and often customers who audit for
too many actions without having a log management strategy end up with vast
security logs, slow servers and too many audits to spot a trend :)
Windows XP Security Guide
Chapter 3: Security Settings for Windows XP Clients
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx
Windows 2000 Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
Cheers, Les
"Treeman" <Treeman.1l0sdm@pcbanter.net> wrote in message
news:Treeman.1l0sdm@pcbanter.net...
>
> Thanks Les,
> I checked out the local policies and nothing was enabled for auditing.
> What is the minimum audit policy you recommend?
> Thanks,
> Treeman
>
> Lesley Kipling [MSFT] wrote:
>> Hi.
>>
>> Have you set up the system to do auditing? Start\run type secpol.msc then
>> under local policies\audit policy, check security setting is set to either
>> success\failure\both (depending on what you want to audit.) A dual server
>> logo next to the audit policy is indicative that the policy comes from the
>> domain level.
>>
>> How To View and Manage Event Logs in Event Viewer in Windows XP
>> WGID:358
>> ID: 308427
>>
>> How To Audit User Access of Files, Folders, and Printers in Windows XP
>> WGID:374
>> ID: 310399
>>
>> If you have set it up and it is failing it may be a corrupted log. Have you
>> tried to open it on another machine? Does the number of security events
>> list anything other than 0?
>>
>> Cheers, Les
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "Treeman" Treeman.1kx322@pcbanter.net wrote in message
>> news:Treeman.1kx322@pcbanter.net...
>>
>> Just wondering why my Security log files in Event Viewer are empty. I
>> mean _no_ events at all showing. XP Pro SP-1
>> Treeman
>>
>>
>> --
>> Treeman
>
>
> --
> Treeman
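
The audit-policy check discussed in this thread can also be done offline from an exported policy file. The following is an added example, not part of the original posts: it assumes the local policy was exported with `secedit /export /cfg audit.inf /areas SECURITYPOLICY`, and the sample text and function names are constructed for illustration.

```python
import configparser

# Constructed sample of a secedit export from a machine with no auditing
# enabled. A real export is UTF-16: open it with encoding="utf-16".
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Meaning of the numeric values in the [Event Audit] section.
SETTING = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}


def read_audit_policy(text):
    """Return {category: setting} parsed from the [Event Audit] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep the original key case
    cp.read_string(text)
    if not cp.has_section("Event Audit"):
        raise ValueError("no [Event Audit] section in export")
    return {key: SETTING.get(int(value), "Unknown (%s)" % value)
            for key, value in cp.items("Event Audit")}


def audit_disabled(policy):
    """True when every category is 'No auditing' (Security log stays empty)."""
    return all(setting == "No auditing" for setting in policy.values())


if __name__ == "__main__":
    policy = read_audit_policy(SAMPLE_EXPORT)
    for category, setting in sorted(policy.items()):
        print("%-22s %s" % (category, setting))
    print("All auditing disabled:", audit_disabled(policy))
```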