Archived from groups: microsoft.public.win2000.security (
More info?)
I have been using an eval of LanGuard SELM for a little over a week now. It
will do what you are looking for. It works really well and you can use it to
track other event logs as well.
"Steven L Umbach" wrote:
> LanGuard makes a product that may interest you and I believe they have a
> time limited trial download. Otherwise EventComb, which is free from
> Microsoft, can scan other computers logs using a variety of search criteria
> to create a report. SysInternals has a free command line tool called
> PsLogList which also may be of interest. There very well may be other new
> products to manage large networks, but I am not aware of them as I have a
> pipsqueak network. -- Steve
>
> http://www.gfi.com/lanselm/ -- LanGuard
>
http://www.sysinternals.com/ntw2k/freeware/psloglist.shtml -- PsLogList
>
>
> "Angryblack" <Angryblack@discussions.microsoft.com> wrote in message
> news:69F72C9E-4EFC-4090-919E-7E9E46424C64@microsoft.com...
> >I am totally aware that i can do that. The only problem as you mentioned
> >is
> > the size of the logs that are generated. There is also another issue with
> > the collection of logs. It's impossible to collect that many logs from
> > 100
> > servers so i am trying to find a way to collect all the logs in one
> > central
> > place and be able to search against that database. I know microsoft is
> > coming out with a product however i wanted to know if there is anything
> > new
> > on the market.
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> There is extensive logging built into Windows 2000 and newer operating
> >> systems. You can enable it via the appropriate security policy such as
> >> local
> >> [secpol.msc] or via domain Group/Security Policy. The results are
> >> recorded
> >> in the security logs available through Event Viewer. I believe there are
> >> also properties for the printers that can be configured under file/server
> >> properties/advances in the printers Management Console which will cause
> >> print related events to show in the system log via the printer spooler.
> >> The
> >> link below is a great article on auditing in Windows 2000/XP/2003. Note
> >> that
> >> auditing of object access and then for folders/files can generate huge
> >> amounts of entries in the security log, so If you do enable it be sure to
> >> audit bare number of folders/files for bare number of permissions/for
> >> bare
> >> number of users to get the job done and avoid auditing for everyone and
> >> users groups. --- Steve
> >>
> >>
http://www.microsoft.com/technet/security/guidance/secmod144.mspx
> >>
> >> "Angryblack" <Angryblack@discussions.microsoft.com> wrote in message
> >> news:2068FCE5-BD0E-450C-9188-0352A4ED4916@microsoft.com...
> >> >I am not sure what is the name of the product however i am trying to
> >> >find
> >> >out
> >> > if microsoft makes a product that functions like a syst log server. I
> >> > need
> >> > to know if someone printed or deleted a document if called on by
> >> > management.
> >> > If microsoft does not make such a product does anyone know of a product
> >> > that
> >> > i can use in a microsoft heavy enviorment.
> >>
> >>
> >>
>
>
>