Security Event Log Empty

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks Les,
I checked out the local poicies and nothing was enabled for auditing.
What is the minumum audit policy you recommend?
Thanks,
Treeman

'Lesley Kipling [MSFT Wrote:
> ']Hi.
>
> Have you set up the system to do auditing? Start\run type secpol.msc
> then
> under local policies\audit policy, check security setting is set to
> either
> success\failure\both (depending on what you want to audit.) A dual
> server
> logo next to the audit policy is indicative that the policy comes from
> the
> domain level.
>
> How To View and Manage Event Logs in Event Viewer in Windows XP
> WGID:358
> ID: 308427
>
> How To Audit User Access of Files, Folders, and Printers in Windows XP
> WGID:374
> ID: 310399
>
> If you have set it up and it is failing it may be a corrupted log.
> Have you
> tried to open it on another machine? Does the number of secuirty
> events
> list anything other than 0?
>
> Cheers, Les
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "Treeman" Treeman.1kx322@pcbanter.net wrote in message
> news:Treeman.1kx322@pcbanter.net...-
>
> Just wondering why my Security log files in Event viewer is empty. I
> mean _no_ events at all showing. XP Pro SP-1
> Treeman
>
>
> --
> Treeman-


--
Treeman

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi.

Well this depends entirely on what you are trying to achieve.

Take a look at the following link - this will help you decide your audit
strategy. Auditing comes at a overhead and often customers who audit for
too many actions without having a log management strategy end up with vast
security logs, slow servers and too many audits to spot a trend

Windows XP Security Guide
Chapter 3: Security Settings for Windows XP Clients
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx

Windows 2000 Auditing and Intrusion Detection
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx

Cheers, Les

"Treeman" <Treeman.1l0sdm@pcbanter.net> wrote in message
news:Treeman.1l0sdm@pcbanter.net...
>
> Thanks Les,
> I checked out the local poicies and nothing was enabled for auditing.
> What is the minumum audit policy you recommend?
> Thanks,
> Treeman
>
> 'Lesley Kipling [MSFT Wrote:
>> ']Hi.
>>
>> Have you set up the system to do auditing? Start\run type secpol.msc
>> then
>> under local policies\audit policy, check security setting is set to
>> either
>> success\failure\both (depending on what you want to audit.) A dual
>> server
>> logo next to the audit policy is indicative that the policy comes from
>> the
>> domain level.
>>
>> How To View and Manage Event Logs in Event Viewer in Windows XP
>> WGID:358
>> ID: 308427
>>
>> How To Audit User Access of Files, Folders, and Printers in Windows XP
>> WGID:374
>> ID: 310399
>>
>> If you have set it up and it is failing it may be a corrupted log.
>> Have you
>> tried to open it on another machine? Does the number of secuirty
>> events
>> list anything other than 0?
>>
>> Cheers, Les
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "Treeman" Treeman.1kx322@pcbanter.net wrote in message
>> news:Treeman.1kx322@pcbanter.net...-
>>
>> Just wondering why my Security log files in Event viewer is empty. I
>> mean _no_ events at all showing. XP Pro SP-1
>> Treeman
>>
>>
>> --
>> Treeman-
>
>
> --
> Treeman