Solved

Recover archived Event Logs

Posted on 2007-04-10
5
273 Views
Last Modified: 2010-04-19
Dear Experts,

Can anyone tell me how I can access older event logs than are available on the Event viewer. I need to look at the Security event log from the middle of last month but the records only start on 1st April. I am presuming that SBS 2003 has auto aged them but hoping they are also archived somewhere so I can recover them. I have never modified these settings so should be a default SBS setup. Can anyone help ?

Thanks
RangerLad
0
Comment
Question by:RangerLad
  • 3
  • 2
5 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18884833
The logs don't archive them... they are limited in size and older records are deleted to make room for new ones.

You would need a third party event log archiving tool in order to accomplish that... although it sounds like that recommendation is a bit late for your current needs.

Externall access logs, however, are kept because those would be coming in through IIS.  You'll find those logs in C:\Windows\System32\logfiles\

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887794
Sounds like I have missed the boat on this one then. Unless there is another way to track what date/time users logged onto the network ?

RangerLad
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18887846
Internally?  There actually is, in a way.  Although it won't be definitive to the person but rather the workstation.  

Are you trying to prove whether or not someone logged in at a certain time?  Or later? etc?

There are various logs on each workstation which record a number of activities.  The one that I'm thinking of which would always timestamp an initial login for the day is C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSClientApps.log.  This log file is appended by the SBS_LOGIN_SCRIPT which runs whenever someone logs on.  There is no growth management of the log, so it just keeps growing and has information back to the day the workstation was deployed.  But it doesn't log username.

Jeff
TechSoEasy
0
 

Author Comment

by:RangerLad
ID: 18887932
Jeff

Yes, finding out the workstation logons is exactly what I need. I assume you mean that a central log is on the server rather than each workstation ? The only messages in this log on the server are:

10/04/2007 18:33
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
CheckPreInstall() - Server-Admin Shortcut already
-- Main() - on the SBS server, did the server-side work, exiting --

Repeated hundereds of times for various dates, they are not consistant with instances of logons to networks

RangerLad
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 18901468
No I was not saying that a central log is on the server rather than on each workstation.  I specifically stated that these are on each workstation.

Jeff
TechSoEasy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now