Event Logs

  • Thread starter Thread starter ia1234
  • Start date Start date
I

ia1234

Dear All,

Is there a standard configuration/policy file in Windows XP that determines
which events are written in the event logs (be it application log, security
log, system log), and which events wont be written to these logs. Like a
policy file determing which you wuill find and which you wont? If so where is
its location? I have used event viewing tools before to determine if someone
printed a document, cant remember event ID of top of my head but on some
machines this is stored, in the event logs, on others it is not, so to save
me some time in analysis if there is an event policy file I could do with
knowing about it.
 
Is there a standard configuration/policy file in Windows XP that determines
which events are written in the event logs (be it application log, security
log, system log), and which events wont be written to these logs. Like a
policy file determing which you wuill find and which you wont?
Click to expand...

No: there is no standard or uniform set of protocols. Events that
may be logged are so different (e.g. installation of the OS, installation
or update of an application, an Internet session) that no uniform
list of events would satisfy all users of all logs.
 
ia1234 said:
Dear All,

Is there a standard configuration/policy file in Windows XP that determines
which events are written in the event logs (be it application log, security
log, system log), and which events wont be written to these logs. Like a
policy file determing which you wuill find and which you wont? If so where is
its location? I have used event viewing tools before to determine if someone
printed a document, cant remember event ID of top of my head but on some
machines this is stored, in the event logs, on others it is not, so to save
me some time in analysis if there is an event policy file I could do with
knowing about it.
Click to expand...

As far as I know the Event Log does not record printing activity, if you
were/are seeing these kind of events you were/are probably using third
party software to accomplish this. Or perhaps you were/are doing file
auditing on a particular document...

John
 
Back
Top