Recover archived Event Logs

Dear Experts,

Can anyone tell me how I can access older event logs than are available on the Event viewer. I need to look at the Security event log from the middle of last month but the records only start on 1st April. I am presuming that SBS 2003 has auto aged them but hoping they are also archived somewhere so I can recover them. I have never modified these settings so should be a default SBS setup. Can anyone help ?

Thanks
RangerLad
RangerLadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The logs don't archive them... they are limited in size and older records are deleted to make room for new ones.

You would need a third party event log archiving tool in order to accomplish that... although it sounds like that recommendation is a bit late for your current needs.

Externall access logs, however, are kept because those would be coming in through IIS.  You'll find those logs in C:\Windows\System32\logfiles\

Jeff
TechSoEasy
0
RangerLadAuthor Commented:
Sounds like I have missed the boat on this one then. Unless there is another way to track what date/time users logged onto the network ?

RangerLad
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Internally?  There actually is, in a way.  Although it won't be definitive to the person but rather the workstation.  

Are you trying to prove whether or not someone logged in at a certain time?  Or later? etc?

There are various logs on each workstation which record a number of activities.  The one that I'm thinking of which would always timestamp an initial login for the day is C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSClientApps.log.  This log file is appended by the SBS_LOGIN_SCRIPT which runs whenever someone logs on.  There is no growth management of the log, so it just keeps growing and has information back to the day the workstation was deployed.  But it doesn't log username.

Jeff
TechSoEasy
0
RangerLadAuthor Commented:
Jeff

Yes, finding out the workstation logons is exactly what I need. I assume you mean that a central log is on the server rather than each workstation ? The only messages in this log on the server are:

10/04/2007 18:33
-- Starting AppLnch.exe --
-- calling DwWaitForShell( 45000 )
- CreateMutex() returned valid and didn't already exist -
CheckPreInstall() - Server-Admin Shortcut already
-- Main() - on the SBS server, did the server-side work, exiting --

Repeated hundereds of times for various dates, they are not consistant with instances of logons to networks

RangerLad
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No I was not saying that a central log is on the server rather than on each workstation.  I specifically stated that these are on each workstation.

Jeff
TechSoEasy
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.