Solved

Recover archived Event Logs

Posted on 2007-04-10
5
276 Views
Last Modified: 2010-04-19
Dear Experts,

Can anyone tell me how I can access older event logs than are available on the Event viewer. I need to look at the Security event log from the middle of last month but the records only start on 1st April. I am presuming that SBS 2003 has auto aged them but hoping they are also archived somewhere so I can recover them. I have never modified these settings so should be a default SBS setup. Can anyone help ?

Thanks
RangerLad
0
Comment
Question by:RangerLad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18884833
The logs don't archive them... they are limited in size and older records are deleted to make room for new ones.

You would need a third party event log archiving tool in order to accomplish that... although it sounds like that recommendation is a bit late for your current needs.

Externall access logs, however, are kept because those would be coming in through IIS.  You'll find those logs in C:\Windows\System32\logfiles\

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887794
Sounds like I have missed the boat on this one then. Unless there is another way to track what date/time users logged onto the network ?

RangerLad
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18887846
Internally?  There actually is, in a way.  Although it won't be definitive to the person but rather the workstation.  

Are you trying to prove whether or not someone logged in at a certain time?  Or later? etc?

There are various logs on each workstation which record a number of activities.  The one that I'm thinking of which would always timestamp an initial login for the day is C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSClientApps.log.  This log file is appended by the SBS_LOGIN_SCRIPT which runs whenever someone logs on.  There is no growth management of the log, so it just keeps growing and has information back to the day the workstation was deployed.  But it doesn't log username.

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887932
Jeff

Yes, finding out the workstation logons is exactly what I need. I assume you mean that a central log is on the server rather than each workstation ? The only messages in this log on the server are:

10/04/2007 18:33
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
CheckPreInstall() - Server-Admin Shortcut already
-- Main() - on the SBS server, did the server-side work, exiting --

Repeated hundereds of times for various dates, they are not consistant with instances of logons to networks

RangerLad
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 18901468
No I was not saying that a central log is on the server rather than on each workstation.  I specifically stated that these are on each workstation.

Jeff
TechSoEasy
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question