Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Posts Tagged ‘EventLog’

Auditing And Only Auditing

Posted by Awinish on June 15, 2011


Below are references and event IDs associated with Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Description of security events in Windows Vista and in Windows Server 2008

http://support.microsoft.com/?kbid=947226

Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=82e6d48f-e843-40ed-8b10-b3b716f6b51b

Description of security events in Windows 7 and in Windows Server 2008 R2

http://support.microsoft.com/kb/977519

Security Audit Events for Windows 7 and Windows Server 2008 R2

http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=3a15b562-4650-4298-9745-d9b261f35814

Advanced Security Auditing in Windows 7 and Windows Server 2008 R2

http://social.technet.microsoft.com/wiki/contents/articles/advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx

Jorge has documented the best material on auditing; do take a look at his site.

http://blogs.dirteam.com/blogs/jorge/archive/2008/04/29/auditing-in-windows-server-2008.aspx

 

Posted in OS/Certificates

Automating Windows Event log

Posted by Awinish on November 11, 2010


I once had a situation where I was asked to back up the event log on a few servers and clear it from the servers, to save space as well as retain the logs for audit. While beating my head against the wall, I stumbled upon a few sites and found scripts which actually worked for me to achieve my requirements. I have not written the VB scripts listed below, nor do I confer any rights on them; use them at your own risk.

http://www.scriptinganswers.com/vault/Event%20Logs%20and%20Logging/

http://www.tek-tips.com/viewthread.cfm?qid=1225274&page=1

http://www.enterpriseitplanet.com/resources/scripts_win/article.php/3776106/Backup-and-Clear-Event-Logs.htm

You can use an ADM file to configure the settings through Group Policy.

http://mx02.wellbury.com/misc/EventLogPolicy.adm
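The backup-and-clear task described in this post, as an added PowerShell example (not one of the linked VB scripts and not the author's code). It assumes PowerShell 4.0 or later and an elevated session; the archive path, the log list and the manifest file name are placeholders chosen for illustration.

```powershell
# Added example: archive each event log to a dated .evtx file, clear it,
# and record a SHA-256 of the archive so the retained copy can be verified later.
# Assumptions: $ArchiveRoot, $LogNames and manifest.csv are illustrative placeholders.
param(
    [string]$ArchiveRoot = 'D:\EventLogArchive',
    [string[]]$LogNames  = @('Application', 'System', 'Security')
)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $ArchiveRoot $env:COMPUTERNAME
New-Item -ItemType Directory -Path $target -Force | Out-Null

foreach ($log in $LogNames) {
    # Channel names may contain '/' (for example Microsoft-Windows-.../Operational).
    $safeName = $log -replace '[\\/]', '_'
    $backup   = Join-Path $target ("{0}-{1}.evtx" -f $safeName, $stamp)

    # "wevtutil cl <log> /bu:<file>" saves the log to the file and clears it
    # in a single call, so there is no gap between a separate export and clear.
    & wevtutil.exe cl $log "/bu:$backup"
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        Write-Warning "Backup/clear failed for '$log' (exit code $LASTEXITCODE)."
        continue
    }

    # Confirm the archive opens as an event log and count what it holds.
    $count = (Get-WinEvent -Path $backup -ErrorAction SilentlyContinue |
              Measure-Object).Count

    # The hash goes into a manifest that should be stored apart from the archive.
    $hash = (Get-FileHash -Path $backup -Algorithm SHA256).Hash

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Log      = $log
        File     = $backup
        Events   = $count
        SHA256   = $hash
        TakenAt  = $stamp
    } | Export-Csv -Path (Join-Path $target 'manifest.csv') -Append -NoTypeInformation
}
```

Clearing the Security log writes event ID 1102 ("The audit log was cleared") to the freshly cleared log, so each scheduled run should show up as an expected 1102 in monitoring; any 1102 outside that schedule deserves a look.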

 

Posted in Scripts/Powershell