Recover archived Event Logs

Dear Experts,

Can anyone tell me how I can access older event logs than are available on the Event viewer. I need to look at the Security event log from the middle of last month but the records only start on 1st April. I am presuming that SBS 2003 has auto aged them but hoping they are also archived somewhere so I can recover them. I have never modified these settings so should be a default SBS setup. Can anyone help ?

Thanks
RangerLad
RangerLadAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
No I was not saying that a central log is on the server rather than on each workstation.  I specifically stated that these are on each workstation.

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The logs don't archive them... they are limited in size and older records are deleted to make room for new ones.

You would need a third party event log archiving tool in order to accomplish that... although it sounds like that recommendation is a bit late for your current needs.

Externall access logs, however, are kept because those would be coming in through IIS.  You'll find those logs in C:\Windows\System32\logfiles\

Jeff
TechSoEasy
0
 
RangerLadAuthor Commented:
Sounds like I have missed the boat on this one then. Unless there is another way to track what date/time users logged onto the network ?

RangerLad
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Internally?  There actually is, in a way.  Although it won't be definitive to the person but rather the workstation.  

Are you trying to prove whether or not someone logged in at a certain time?  Or later? etc?

There are various logs on each workstation which record a number of activities.  The one that I'm thinking of which would always timestamp an initial login for the day is C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSClientApps.log.  This log file is appended by the SBS_LOGIN_SCRIPT which runs whenever someone logs on.  There is no growth management of the log, so it just keeps growing and has information back to the day the workstation was deployed.  But it doesn't log username.

Jeff
TechSoEasy
0
 
RangerLadAuthor Commented:
Jeff

Yes, finding out the workstation logons is exactly what I need. I assume you mean that a central log is on the server rather than each workstation ? The only messages in this log on the server are:

10/04/2007 18:33
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
CheckPreInstall() - Server-Admin Shortcut already
-- Main() - on the SBS server, did the server-side work, exiting --

Repeated hundereds of times for various dates, they are not consistant with instances of logons to networks

RangerLad
0
All Courses

From novice to tech pro — start learning today.