Event Log

Posted on 2006-05-24
Last Modified: 2010-04-11
One of our employees thinks that someone else has been accessing their computer. I am starting to agree with them now that I noticed that the Security Event log has been cleared out. Is there any way for me to see when this occurred? Or is there some form of auditing that I need to set up to catch it in the future?
Question by:MJoshua
    LVL 53

    Expert Comment

    by:Will Szymkowski
    Hello there,

    As for restoring the log, this is not possible. What you might want to do is a system restore and see if that helps.

    LVL 1

    Author Comment

    System Restore is off, and I do not think that a system restore would bring back the eventlog. It would only restore the system state (drivers/settings).

    I am not looking to restore the Security Event Log (that would be REALLY nice though). I just want to see when it happened or by whom. Where else would there be a record?

    (Sorry if I did not make it clear in my original post.)

    LVL 38

    Accepted Solution

    PsLogList will let you track all Event Viewer logs (saving to any location you like).
    Try it for free:
    LVL 32

    Expert Comment

    "Where else would there be a record?"

    Do a search for all files created/modified during a certain time period. That may give you a clue.
    LVL 24

    Assisted Solution

    Given that my log is continually being updated,

    >  I just want to see when it happened

    It happened right before the new records were placed in the log. Check the timestamps of events.

    Possibly the logfile was full. Review the settings for handling space for messages, and for what to do when it gets full.
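
The timestamp and full-log checks suggested in the answer above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on Windows Vista / Server 2008 or later, where `Get-WinEvent` is available and a Security log clear is recorded as event ID 1102 (Windows XP / Server 2003 recorded it as event ID 517).

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on the affected machine; reading the Security log needs administrator rights.
$logName = 'Security'

# 1. Oldest record still present in the log. Whatever removed the earlier
#    records (a manual clear or an overwrite) happened no later than this time.
$oldest = Get-WinEvent -LogName $logName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
if ($oldest) {
    $when = $oldest.TimeCreated.ToString('o')
    "Oldest surviving record: $when (event ID $($oldest.Id), record $($oldest.RecordId))"
} else {
    "No records could be read from the $logName log."
}

# 2. "The audit log was cleared" events. Windows writes this as the first
#    record of the freshly cleared log, and its message names the account used.
$cleared = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 1102 } -ErrorAction SilentlyContinue
if ($cleared) {
    $cleared | Sort-Object TimeCreated | Format-List TimeCreated, Id, Message
} else {
    # No clear event: the old records may simply have been overwritten.
    "No event 1102 in the $logName log; check the size and retention settings below."
}

# 3. Size and retention settings. LogMode 'Circular' means the oldest records
#    are overwritten when the file reaches MaximumSizeInBytes, which looks
#    like a cleared log if the maximum size is small.
Get-WinEvent -ListLog $logName |
    Format-List LogName, MaximumSizeInBytes, FileSize, RecordCount, LogMode, IsLogFull
```

If step 2 reports nothing and step 3 shows a small circular log whose file size is close to its maximum, overwriting is the more likely explanation than a deliberate clear.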
    LVL 38

    Expert Comment

    "Full log files" is a really good reason for having them re-directed to a different location.
    No size restrictions and you can do some quick Perl scripting (or text searching) to find any particulars you are looking for.
    We quit relying on the 'default' logs years ago and have been grateful ever since.
    LVL 2

    Assisted Solution

    Install Sygate Firewall on the client computer being connected to.
    By default it does not allow incoming network share connection attempts.
    You can then review the logs for any attempts (rather than trying to work out what happened after the damage is done)

    I hope this helps.
