Solved

retrive Auditing logs in windows 2008

Posted on 2013-05-19
4
139 Views
Last Modified: 2013-11-12
Dear All

I have one shared folder deleted and we enabled auditing, but when I checked the securety logs I found logs only for one day. how I can see previse day or date . I want know who is deleted the folders.
or there is any tool .

we have windows 2008 R2
0
Comment
Question by:human1900
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 39179439
By default logs are kept until they reach a pre-determined size, once you exceed the limit then the older events are purged to make way for newer events. Once there gone, there gone.
You can specify the size of the log and how they behave. You can do this on an individual log or via a group policy

http://www.vanstechelman.eu/windows/group_policy_settings/security_settings/event_log
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39180485
you need to set the amount of logs to be stored and behaviour once they get full.
Set a higher amout of space and manually save the logs so that you can review them later if required. (see attached)

http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W 
gives you a good way to manage all the eventlogs in your environment.
Capture.JPG
0
 
LVL 7

Expert Comment

by:manthanein
ID: 39180557
since event log files  automatically deletes  records try creating  a  batch  file  (set  to be run  daily)  that  will  dump the event logs   automatically   using the tool below:

http://technet.microsoft.com/en-us/sysinternals/bb897544
0
 
LVL 2

Expert Comment

by:oliverbob
ID: 39234715
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question