Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Recover archived Event Logs

Posted on 2007-04-10
5
Medium Priority
?
278 Views
Last Modified: 2010-04-19
Dear Experts,

Can anyone tell me how I can access older event logs than are available on the Event viewer. I need to look at the Security event log from the middle of last month but the records only start on 1st April. I am presuming that SBS 2003 has auto aged them but hoping they are also archived somewhere so I can recover them. I have never modified these settings so should be a default SBS setup. Can anyone help ?

Thanks
RangerLad
0
Comment
Question by:RangerLad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18884833
The logs don't archive them... they are limited in size and older records are deleted to make room for new ones.

You would need a third party event log archiving tool in order to accomplish that... although it sounds like that recommendation is a bit late for your current needs.

Externall access logs, however, are kept because those would be coming in through IIS.  You'll find those logs in C:\Windows\System32\logfiles\

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887794
Sounds like I have missed the boat on this one then. Unless there is another way to track what date/time users logged onto the network ?

RangerLad
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18887846
Internally?  There actually is, in a way.  Although it won't be definitive to the person but rather the workstation.  

Are you trying to prove whether or not someone logged in at a certain time?  Or later? etc?

There are various logs on each workstation which record a number of activities.  The one that I'm thinking of which would always timestamp an initial login for the day is C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSClientApps.log.  This log file is appended by the SBS_LOGIN_SCRIPT which runs whenever someone logs on.  There is no growth management of the log, so it just keeps growing and has information back to the day the workstation was deployed.  But it doesn't log username.

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887932
Jeff

Yes, finding out the workstation logons is exactly what I need. I assume you mean that a central log is on the server rather than each workstation ? The only messages in this log on the server are:

10/04/2007 18:33
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
CheckPreInstall() - Server-Admin Shortcut already
-- Main() - on the SBS server, did the server-side work, exiting --

Repeated hundereds of times for various dates, they are not consistant with instances of logons to networks

RangerLad
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 18901468
No I was not saying that a central log is on the server rather than on each workstation.  I specifically stated that these are on each workstation.

Jeff
TechSoEasy
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question