Avatar of Pau Lo
Pau Lo
 asked on

Event logs XP

I know the data in the local event logs on an XP machine are determined by the admin. But where on the machine can you see what has been setup in terms of events to be logged in the local event logs? Is there an area where admin can pcik and choose what events to log and how long to keep them for? Where on the XP machine can this be configured/seen?
Windows XPWindows OSMicrosoft Legacy OS

Avatar of undefined
Last Comment
Pau Lo

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
MFlaig

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
motnahp00

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Pau Lo

ASKER
So by default all events are logged? I cant really see from that link where you can see which events are logged and which arent....
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Pau Lo

ASKER
>>You can configure size within the Properties for a particular log

But an admin cant say only add these events to the log, ignore these they arent of any use... i.e. you cant pick what events go in a log and which dont?
Pau Lo

ASKER
>>in the event viewer, right click the event registry you wants to modify and then click properties.


Done that, and then what? I see 2 tabs, one general, one filter. Neither show for all the various events which are logged and which arent.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
motnahp00

By default, you need to enable the auditing policies for your machine.

gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy -> ...

Right click on each audit option and click Properties and then the Explain tab. You can read into full detail what each one does.
ienaxxx

No, you can't configre that.
Applications and system objects should be free to log anything.
Pau Lo

ASKER
Is there anywhere to see where the actual log file is on the PC, i.e. which folder? For example I have an event log category called "Pointsec", I would be interested to know where that and "application", "security" etc live.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
motnahp00

I don't have an XP machine readily available but see if you have an option to create a custom view or filter in the right window pane.
Pau Lo

ASKER
hmm cant anything along those lines...
motnahp00

Your help has saved me hundreds of hours of internet surfing.
fblack61
Pau Lo

ASKER
Ah in log name on the general tab it gives a path, but for some reason for the pointsec one it doesnt show where it lives...
Pau Lo

ASKER
Its in the same folders where the password hash files are.