retrive Auditing logs in windows 2008

Dear All

I have one shared folder deleted and we enabled auditing, but when I checked the securety logs I found logs only for one day. how I can see previse day or date . I want know who is deleted the folders.
or there is any tool .

we have windows 2008 R2
human1900Asked:
Who is Participating?
 
KCTSConnect With a Mentor Commented:
By default logs are kept until they reach a pre-determined size, once you exceed the limit then the older events are purged to make way for newer events. Once there gone, there gone.
You can specify the size of the log and how they behave. You can do this on an individual log or via a group policy

http://www.vanstechelman.eu/windows/group_policy_settings/security_settings/event_log
0
 
Pramod UbheCommented:
you need to set the amount of logs to be stored and behaviour once they get full.
Set a higher amout of space and manually save the logs so that you can review them later if required. (see attached)

http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W 
gives you a good way to manage all the eventlogs in your environment.
Capture.JPG
0
 
manthaneinCommented:
since event log files  automatically deletes  records try creating  a  batch  file  (set  to be run  daily)  that  will  dump the event logs   automatically   using the tool below:

http://technet.microsoft.com/en-us/sysinternals/bb897544
0
 
oliverbobCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.