Event logs XP

pma111
I know the data in the local event logs on an XP machine are determined by the admin. But where on the machine can you see what has been set up in terms of events to be logged in the local event logs? Is there an area where admin can pick and choose what events to log and how long to keep them for? Where on the XP machine can this be configured/seen?

No, the event logs cover all aspects. You will have to filter for what you like.

You can configure size within the Properties for a particular log.

Example:

eventvwr.msc -> Windows Logs -> right click Security -> Properties -> Max log size (KB)

Author

Commented:
So by default all events are logged? I can't really see from that link where you can see which events are logged and which aren't....

Commented:
In the event viewer, right click the event registry you want to modify and then click properties.

In addition, you can select what to log using GPO or local policies (gpedit.msc) under computer conf. -> security settings ...

here: http://support.microsoft.com/kb/310399

HTH. Bye!

Author

Commented:
>>You can configure size within the Properties for a particular log

But an admin can't say only add these events to the log, ignore these they aren't of any use... i.e. you can't pick what events go in a log and which don't?

Author

Commented:
>>in the event viewer, right click the event registry you wants to modify and then click properties.


Done that, and then what? I see 2 tabs, one general, one filter. Neither shows for all the various events which are logged and which aren't.

By default, you need to enable the auditing policies for your machine.

gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy -> ...

Right click on each audit option and click Properties and then the Explain tab. You can read into full detail what each one does.

Commented:
No, you can't configure that.
Applications and system objects should be free to log anything.

Author

Commented:
Is there anywhere to see where the actual log file is on the PC, i.e. which folder? For example I have an event log category called "Pointsec", I would be interested to know where that and "application", "security" etc live.

I don't have an XP machine readily available but see if you have an option to create a custom view or filter in the right window pane.

Author

Commented:
Hmm, can't anything along those lines...

Author

Commented:
Ah, in log name on the general tab it gives a path, but for some reason for the Pointsec one it doesn't show where it lives...

Author

Commented:
It's in the same folders where the password hash files are.
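
The per-log file path, maximum size and retention settings discussed in this thread are also stored in the registry under `HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<log name>` as the `File`, `MaxSize` and `Retention` values. As an added example (not part of the original thread), this Python script parses saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /s` and reports those settings for each log. The sample output, `ExampleSource` and `CustomLog` are constructed for illustration.

```python
import re

# Constructed sample of: reg query HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
    File    REG_EXPAND_SZ    %SystemRoot%\system32\config\AppEvent.Evt
    MaxSize    REG_DWORD    0x80000
    Retention    REG_DWORD    0x93a80

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ExampleSource
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\example.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
    File    REG_EXPAND_SZ    %SystemRoot%\System32\config\SecEvent.Evt
    MaxSize    REG_DWORD    0x80000
    Retention    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\CustomLog
    MaxSize    REG_DWORD    0x10000
"""

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog"
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")  # name, type, data

def retention_text(raw):
    # Retention is stored in seconds; 0 and 0xFFFFFFFF are special values.
    if raw is None:
        return "not set"
    secs = int(raw, 16)
    special = {0: "overwrite as needed", 0xFFFFFFFF: "never overwrite"}
    return special.get(secs, "overwrite events older than %d days" % (secs // 86400))

def parse_eventlog_settings(text):
    logs, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.rstrip()
            rel = key[len(ROOT):].strip("\\") if key.upper().startswith(ROOT.upper()) else ""
            # Keys directly under Eventlog are logs; deeper keys are event sources.
            current = logs.setdefault(rel, {}) if rel and "\\" not in rel else None
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(3)
    return {name: {"file": v.get("File", "not set"),
                   "max_kb": int(v["MaxSize"], 16) // 1024 if "MaxSize" in v else None,
                   "retention": retention_text(v.get("Retention"))}
            for name, v in logs.items()}

if __name__ == "__main__":
    for name, settings in parse_eventlog_settings(SAMPLE).items():
        print(name, settings)
```

A log whose key has no `File` value is reported as "not set" rather than being skipped.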
