Solved

retrive Auditing logs in windows 2008

Posted on 2013-05-19
4
137 Views
Last Modified: 2013-11-12
Dear All

I have one shared folder deleted and we enabled auditing, but when I checked the securety logs I found logs only for one day. how I can see previse day or date . I want know who is deleted the folders.
or there is any tool .

we have windows 2008 R2
0
Comment
Question by:human1900
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 39179439
By default logs are kept until they reach a pre-determined size, once you exceed the limit then the older events are purged to make way for newer events. Once there gone, there gone.
You can specify the size of the log and how they behave. You can do this on an individual log or via a group policy

http://www.vanstechelman.eu/windows/group_policy_settings/security_settings/event_log
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39180485
you need to set the amount of logs to be stored and behaviour once they get full.
Set a higher amout of space and manually save the logs so that you can review them later if required. (see attached)

http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W 
gives you a good way to manage all the eventlogs in your environment.
Capture.JPG
0
 
LVL 7

Expert Comment

by:manthanein
ID: 39180557
since event log files  automatically deletes  records try creating  a  batch  file  (set  to be run  daily)  that  will  dump the event logs   automatically   using the tool below:

http://technet.microsoft.com/en-us/sysinternals/bb897544
0
 
LVL 2

Expert Comment

by:oliverbob
ID: 39234715
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question