No Security Events showing....

[Kelvin Beaton]

I have a Win 2000 server running as a DC with AD.

In the event viewer there are no events in the Security Log folder. There
are events in all the other folders. Is there a reason this would be empty?
It looks like it's configured like the rest of the Events.
Am I missing something obvious here?

Thanks

Kelvin

 

[Lanwench [MVP - Exchange]]

Hi - any reason you've posted this in a WinXP group?
Go into event viewer and change the properties of the system log (and *all*
logs) so that "overwrite as needed" is selected, and bump up the max sizes a
lot. I'd do 20MB each if it were me.

 

[Kelvin Beaton]

Sorry for posting this in the wrong group, my mistake.

I've made the changes like you recommented. The odd thing is that nothing is
being written to that file. I went and looked at the date of the
SecEvent.Evt file and it basically has the same create and modify date or
Sept 2002.
All the other logs seem to be collecting data. Is there a way to reset this
particular log?

Thanks

Kelvin


"Lanwench [MVP - Exchange]"

 

[Lanwench [MVP - Exchange]]

Try purging it after resetting the settings as suggested (or export it to an
evt file & then purge it)

Sorry for posting this in the wrong group, my mistake.

I've made the changes like you recommented. The odd thing is that
nothing is being written to that file. I went and looked at the date
of the SecEvent.Evt file and it basically has the same create and
modify date or Sept 2002.
All the other logs seem to be collecting data. Is there a way to
reset this particular log?

Thanks

Kelvin


"Lanwench [MVP - Exchange]"

Hi - any reason you've posted this in a WinXP group?
Go into event viewer and change the properties of the system log (and
*all*
logs) so that "overwrite as needed" is selected, and bump up the max
sizes a
lot. I'd do 20MB each if it were me.

 

[Kelvin Beaton]

Thanks for the reply

I exported the Security Events and cleared them also. The system did create
one event saying I had cleared the Security Event Log.....

I logged off and back onto the domain to see if it would create an event,
but it didn't. Not 100% sure it was suppose to. I was looking for some way
to get the Domain Controller to generate an event.

Isn't the Security Event log where I would see failed domain logins?

thanks for your time....



"Lanwench [MVP - Exchange]"

Try purging it after resetting the settings as suggested (or export it to
an
evt file & then purge it)

Sorry for posting this in the wrong group, my mistake.

I've made the changes like you recommented. The odd thing is that
nothing is being written to that file. I went and looked at the date
of the SecEvent.Evt file and it basically has the same create and
modify date or Sept 2002.
All the other logs seem to be collecting data. Is there a way to
reset this particular log?

Thanks

Kelvin


"Lanwench [MVP - Exchange]"

Hi - any reason you've posted this in a WinXP group?
Go into event viewer and change the properties of the system log (and
*all*
logs) so that "overwrite as needed" is selected, and bump up the max
sizes a
lot. I'd do 20MB each if it were me.

Kelvin Beaton wrote:
I have a Win 2000 server running as a DC with AD.

In the event viewer there are no events in the Security Log folder.
There are events in all the other folders. Is there a reason this
would be empty? It looks like it's configured like the rest of the
Events. Am I missing something obvious here?

Thanks

Kelvin

 

[Lanwench [MVP - Exchange]]

Thanks for the reply

I exported the Security Events and cleared them also. The system did
create one event saying I had cleared the Security Event Log.....

I logged off and back onto the domain to see if it would create an
event, but it didn't. Not 100% sure it was suppose to. I was looking
for some way to get the Domain Controller to generate an event.

Isn't the Security Event log where I would see failed domain logins?

Yes, but you need to enable auditing for that in your policies.

thanks for your time....



"Lanwench [MVP - Exchange]"

Try purging it after resetting the settings as suggested (or export
it to an
evt file & then purge it)

Sorry for posting this in the wrong group, my mistake.

I've made the changes like you recommented. The odd thing is that
nothing is being written to that file. I went and looked at the date
of the SecEvent.Evt file and it basically has the same create and
modify date or Sept 2002.
All the other logs seem to be collecting data. Is there a way to
reset this particular log?

Thanks

Kelvin


"Lanwench [MVP - Exchange]"
message Hi - any reason you've posted this in a WinXP group?
Go into event viewer and change the properties of the system log
(and *all*
logs) so that "overwrite as needed" is selected, and bump up the
max sizes a
lot. I'd do 20MB each if it were me.

Kelvin Beaton wrote:
I have a Win 2000 server running as a DC with AD.

In the event viewer there are no events in the Security Log
folder. There are events in all the other folders. Is there a
reason this would be empty? It looks like it's configured like
the rest of the Events. Am I missing something obvious here?

Thanks

Kelvin

 

[Kelvin Beaton]

I'm not 100% sure how to accomplish this.

I'm looking at the "Group Policy" for my domain.
I'm looking at "Computer Confoguration\Windows Settings\Security
Settings\Local Policies\Audit Policy", is this the correct place. I have set
this to audit Sucessful and failed logins, but I'm not sure this is the
correct place as it seems to be for "Local Poliecies" to me that would
referre to the local machine, not the DC.

Am I close, or way off track?

Thanks


"Lanwench [MVP - Exchange]"

Thanks for the reply

I exported the Security Events and cleared them also. The system did
create one event saying I had cleared the Security Event Log.....

I logged off and back onto the domain to see if it would create an
event, but it didn't. Not 100% sure it was suppose to. I was looking
for some way to get the Domain Controller to generate an event.

Isn't the Security Event log where I would see failed domain logins?

Yes, but you need to enable auditing for that in your policies.

thanks for your time....



"Lanwench [MVP - Exchange]"

Try purging it after resetting the settings as suggested (or export
it to an
evt file & then purge it)

Kelvin Beaton wrote:
Sorry for posting this in the wrong group, my mistake.

I've made the changes like you recommented. The odd thing is that
nothing is being written to that file. I went and looked at the date
of the SecEvent.Evt file and it basically has the same create and
modify date or Sept 2002.
All the other logs seem to be collecting data. Is there a way to
reset this particular log?

Thanks

Kelvin


"Lanwench [MVP - Exchange]"
message Hi - any reason you've posted this in a WinXP group?
Go into event viewer and change the properties of the system log
(and *all*
logs) so that "overwrite as needed" is selected, and bump up the
max sizes a
lot. I'd do 20MB each if it were me.

Kelvin Beaton wrote:
I have a Win 2000 server running as a DC with AD.

In the event viewer there are no events in the Security Log
folder. There are events in all the other folders. Is there a
reason this would be empty? It looks like it's configured like
the rest of the Events. Am I missing something obvious here?

Thanks

Kelvin