How can we find who cleared the event log on a machine?

Hi,

Is there any way to find who cleared the event logs of a machine? Security logs?

Regards,
Sharath
 
oBdA Commented:
That's only logged by default for the security event log. If the event hasn't been overwritten yet, then the very first entry in the security event log should be an Event ID 517, indicating which user deleted the log file.
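
A way to run the check oBdA describes, as an added example that is not part of the original thread: it pulls log-cleared events from the Security log and extracts the account named in them. It also looks for Event ID 1102, the equivalent event on Vista/Server 2008 and later, which the thread does not mention; the function name `Get-LogClearActor`, the sample message and its account names are constructed, and the field labels assume the English message text.

```powershell
# Added example: report who cleared the Security log.
# 517  = "The audit log was cleared" on Windows 2000/XP/Server 2003
# 1102 = the same event on Vista/Server 2008 and later

function Get-LogClearActor {
    param([int]$EventId, [string]$Message)
    # 517 names the caller under "Client User Name" / "Client Domain";
    # 1102 names it under "Account Name" / "Domain Name".
    if ($EventId -eq 517) { $u = 'Client User Name'; $d = 'Client Domain' }
    else                  { $u = 'Account Name';     $d = 'Domain Name' }
    $user   = if ($Message -match "$u\s*:\s*([^\r\n]+)") { $Matches[1].Trim() } else { '<unknown>' }
    $domain = if ($Message -match "$d\s*:\s*([^\r\n]+)") { $Matches[1].Trim() } else { '<unknown>' }
    "$domain\$user"
}

# Constructed sample of a 517 message body, so the parser can be tried offline.
$sample = @'
The audit log was cleared
    Primary User Name: SYSTEM
    Primary Domain: NT AUTHORITY
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: jdoe
    Client Domain: EXAMPLE
    Client Logon ID: (0x0,0x1A2B3)
'@
Get-LogClearActor -EventId 517 -Message $sample

# Live query (Windows PowerShell, run elevated). Oldest entry first, since the
# clear event is written as the first record of the freshly emptied log.
Get-EventLog -LogName Security -InstanceId 517, 1102 -ErrorAction SilentlyContinue |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, MachineName, EventID,
        @{ Name = 'ClearedBy'; Expression = { Get-LogClearActor $_.EventID $_.Message } }
```

If the live query returns nothing, either the clear event has already been overwritten or the log was not cleared through the normal API.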
 
bsharath Author Commented:
I just checked now. The event log system is not working at all. Even though there were many sessions and mstsc sessions, not even 1 is being captured. How can I check this problem?
 
oBdA Commented:
Which OS are we talking about? By default, logons are only audited in Server 2003; for XP, that would have to have been enabled explicitly.
 
bsharath Author Commented:
I have Windows 2003 machines.
 
bsharath Author Commented:
Any help..

What are the services required for the event log to work properly...
 
bsharath Author Commented:
Any help...
 
zoofan Commented:
The Event Log service has no dependencies. Is it possible that either auditing has been disabled or simply a filter has been applied to Event Viewer?

Enable security logging.
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/EnableSecurityLogging.html

To check the filters, in Event Viewer right-click on the log file, i.e. (Security), and select Properties, then the Filter tab.


zf