Security logs not updating

G

Guest

Greetings

I have an issue where there are no entries in the security log, and the
latest SecEvent.Evt file is nearly 1 1/2 years old! The other two event logs,
applications and system, are updating normally. I've looked at the reg keys
and they appear ok; any ideas?

WinXP Pro, SP2 and all the fixings,. McAfee v10
Thanks!
 
N

Nepatsfan

(e-mail address removed),
CapWx said:
Greetings

I have an issue where there are no entries in the security
log, and the latest SecEvent.Evt file is nearly 1 1/2 years
old! The other two event logs, applications and system, are
updating normally. I've looked at the reg keys and they
appear ok; any ideas?

WinXP Pro, SP2 and all the fixings,. McAfee v10
Thanks!
Click to expand...

Have you enabled auditing of account logon events in your Local
Security Policy?

Start -> Run -> secpol.msc or Start -> Control Panel ->
Administrative Tools -> Local Security Policy

Navigate to Security Settings\Local Policies\Audit Policy

Right click Account Logon Events in the right hand pane and
enable Success and Failure. That will cover the majority of
events. If you want you can also enable logging of additional
events. Take a look at this article for more information:

Enabling Auditing Policies
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prdd_sec_xutj.asp

Good luck

Nepatsfan
 
S

Steven L Umbach

Check the properties of the security log to make sure it is not set at "do
not overwrite events" (clear log manually). If it is change it to one of the
other options and you may want to increase the size of it quite a bit from
default. Also try clearing [clear all events] it in case there is some
corruption that it may clear up. --- Steve
 
G

Guest

Greetings

That solved the trick. Somehow the auditing for these events was disabled.
Don't know how or when but I've reenabled them and the security logs are now
again updating.Thanks! Didn't even theink of checking the audits...

Capwx

Have you enabled auditing of account logon events in your Local
Security Policy?

Start -> Run -> secpol.msc or Start -> Control Panel ->
Administrative Tools -> Local Security Policy

Navigate to Security Settings\Local Policies\Audit Policy

Right click Account Logon Events in the right hand pane and
enable Success and Failure. That will cover the majority of
events. If you want you can also enable logging of additional
events. Take a look at this article for more information:

Enabling Auditing Policies
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prdd_sec_xutj.asp

Good luck

Nepatsfan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Event Logs / Network access 1
Security logs not getting generated 1
Re: Application, Security and System log files - where are they located 2
Event Viewer - scheduling backups of event logs 2
Windows XP Security Logs Posting to Windows 2000 Station 2
Event log issues 1
Is this normal or a security breach? 2
Security Logs Fill with Event 560 when limited users log in 3

Top