Security Event Log Empty

T

Treeman

Thanks Les,
I checked out the local poicies and nothing was enabled for auditing.
What is the minumum audit policy you recommend?
Thanks,
Treeman

'Lesley Kipling [MSFT said:
']Hi.

Have you set up the system to do auditing? Start\run type secpol.msc
then
under local policies\audit policy, check security setting is set to
either
success\failure\both (depending on what you want to audit.) A dual
server
logo next to the audit policy is indicative that the policy comes from
the
domain level.

How To View and Manage Event Logs in Event Viewer in Windows XP
WGID:358
ID: 308427

How To Audit User Access of Files, Folders, and Printers in Windows XP
WGID:374
ID: 310399

If you have set it up and it is failing it may be a corrupted log.
Have you
tried to open it on another machine? Does the number of secuirty
events
list anything other than 0?

Cheers, Les

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Treeman" (e-mail address removed) wrote in message

Just wondering why my Security log files in Event viewer is empty. I
mean _no_ events at all showing. XP Pro SP-1
Treeman
Click to expand...
 
L

Lesley Kipling [MSFT]

Hi.

Well this depends entirely on what you are trying to achieve.

Take a look at the following link - this will help you decide your audit
strategy. Auditing comes at a overhead and often customers who audit for
too many actions without having a log management strategy end up with vast
security logs, slow servers and too many audits to spot a trend :)

Windows XP Security Guide
Chapter 3: Security Settings for Windows XP Clients
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx

Windows 2000 Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx

Cheers, Les

Treeman said:
Thanks Les,
I checked out the local poicies and nothing was enabled for auditing.
What is the minumum audit policy you recommend?
Thanks,
Treeman

'Lesley Kipling [MSFT said:
']Hi.

Have you set up the system to do auditing? Start\run type secpol.msc
then
under local policies\audit policy, check security setting is set to
either
success\failure\both (depending on what you want to audit.) A dual
server
logo next to the audit policy is indicative that the policy comes from
the
domain level.

How To View and Manage Event Logs in Event Viewer in Windows XP
WGID:358
ID: 308427

How To Audit User Access of Files, Folders, and Printers in Windows XP
WGID:374
ID: 310399

If you have set it up and it is failing it may be a corrupted log.
Have you
tried to open it on another machine? Does the number of secuirty
events
list anything other than 0?

Cheers, Les

This posting is provided "AS IS" with no warranties, and confers no
rights.


"Treeman" (e-mail address removed) wrote in message

Just wondering why my Security log files in Event viewer is empty. I
mean _no_ events at all showing. XP Pro SP-1
Treeman
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Event Log Empty 1
File Auditing Question 3
Audit time change attempt by users and logging in event viewer 1
Failure Audits in the secruity log Event Viewer 3
Object Access Auditing causes security log to fill up 3
Win2K Auditing / Security Event Log Problems 2
Auditing / Event Log Entries... 4
Auditing Events 4

Top