I have followed the directions in the link below to turn on auditing.
I am having a couple of issues with this.
First, since I enabled auditing on a test share, the necessary events are not showing up in the security log. I attached a picture of the audit tab I set up on the folder I am trying to test. Please let me know if there is anything wrong here.
I also have auditing turned on in the GP security audit policy. I attached that as well. Please let me know if this is correct or not.
This server was just installed last year and I don't remember turning auditing on for any other folders, but for some reason the security log fills up with several event logs per second, and it fills the log so fast that it is a huge pain to search through. I also tried using a filter to look for events 560 or 564 to try and find the file I deleted to test, but that log was not there.
What am I missing? How can I make an event occur when a file or folder is deleted, and how do I cut down on the number of events happening in the security log?
This is for a 2012 Windows server.