Solved

retrive Auditing logs in windows 2008

Posted on 2013-05-19
4
134 Views
Last Modified: 2013-11-12
Dear All

I have one shared folder deleted and we enabled auditing, but when I checked the securety logs I found logs only for one day. how I can see previse day or date . I want know who is deleted the folders.
or there is any tool .

we have windows 2008 R2
0
Comment
Question by:human1900
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 39179439
By default logs are kept until they reach a pre-determined size, once you exceed the limit then the older events are purged to make way for newer events. Once there gone, there gone.
You can specify the size of the log and how they behave. You can do this on an individual log or via a group policy

http://www.vanstechelman.eu/windows/group_policy_settings/security_settings/event_log
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39180485
you need to set the amount of logs to be stored and behaviour once they get full.
Set a higher amout of space and manually save the logs so that you can review them later if required. (see attached)

http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W 
gives you a good way to manage all the eventlogs in your environment.
Capture.JPG
0
 
LVL 7

Expert Comment

by:manthanein
ID: 39180557
since event log files  automatically deletes  records try creating  a  batch  file  (set  to be run  daily)  that  will  dump the event logs   automatically   using the tool below:

http://technet.microsoft.com/en-us/sysinternals/bb897544
0
 
LVL 2

Expert Comment

by:oliverbob
ID: 39234715
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outlook Free & Paid Tools
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now