Event Viewer Getting Full

[Guest]

Event Viewer Getting Full when I enable object access . But I want to audit
the deletion of files . Please help in this regard

 

[Steven L Umbach]

That is normal. You can increase the size of the security log and by default it is
quite small. Something like 10mb would be a good start.I would recommend that you
audit for only specific files and avoid using the users and everyone group to audit.
Also audit only the deletion permission. The less parameters you audit, the less
events in the log though it will never be a small amount when object access auditing
is enabled. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx

 

[Guest]

Is there any other way to see the deletion of folder without enabling object
access ?
Please Reply

 

[Paul Adare - MVP - Microsoft Virtual PC]

microsoft.public.win2000.security news group, =?Utf-8?B?U1NL?=

Is there any other way to see the deletion of folder without enabling object
access ?
Please Reply

No.

 

[Steven L Umbach]

No, auditing of object access must be enabled. You can however use "filter" view of
the security log, search with EventComb, or dump the logs and search them that way
for specific file names, users, etc. --- Steve

http://www.sysinternals.com/ntw2k/freeware/psloglist.shtml -- PsLogList to dump lof
files by criteria.