Users are reporting that folders keep mysteriously moving and nobody will take credit. I would like to track this via the security audit logs. Because I'm logging about 5-10 events per second, I can't obtain more than a few hours of logs when I really needs weeks worth of logs.
I would like to temporarily turn off all security logs except for this particular log but I'm not sure how to configure what is logged.
Any advice would be helpful.