Security Auditing

I am just in the process of finalising my Windows Server 2003. Now I have to setup the security logs.

What can be logged? I'd like a list of everything. And where I can setup logs. Also how big can your logs folder become?
What the security events I must log?

LVL 5
georgecooldudeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

harleyjdCommented:
The problem with windoze security event auditing is that it logs too much, and the logs are hard to parse.

The logs are actually stored in event viewer, under security, so there's no easy way to view them. You do have complete control on size, retention time and overwrite options, but it's still pretty useless imho. Right click "my Computer", click "manage" then you'll see the logs...

to turn on the auditing review
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/auditTN.asp

and have a browse through http://www.windowsecurity.com/


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
georgecooldudeAuthor Commented:
I've come accross the Microsoft links already.

Are there any guides around on the must haves and the best ways to audit?
0
harleyjdCommented:
If you've already found those links then you have all the information at your fingertips...

It's not a simple thing to undertake, not so much because it's hard, but because you just get snowed under...  try this one, anyway...

http://www.windowsecurity.com/articles/Auditing-Users-Groups-Windows-Security-Log.html
0
georgecooldudeAuthor Commented:
yeah I found those links ironically helping someone who had a similar question to this. ;)

I'll close this, as you took the time to post =)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.