5 Years
Discussion Span
Last Post by JorgeM

If auditing is disabled in the local policy, then there would not be any entries in the security event log.


I know that, but im wondering if there is any tool on the market which can provide me with the log details. For eg: if i install a particular software on the server it could produce the events that took place when auditing was disable


Ok, to clarify, in the Windows Event Audit logs, you have the Application, System, and Security event logs, as well as some other Windows Services such as DNS will have their own as well.

When it comes to applications, events related to the application can be written to the Application log. However, that is a function of hte application. its not built into Windows. Some applications write to their own logs, while others choose to write the Windows application log.

Auditing is ONLY required for security related events, not system or application logs.

Windows comes with its built-in viewer. Its called the Event viewer. You can access it from your Administrative tools. it allows you to search and view each item in detail.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.