If audit log is turn off on the windows server, can i use a software to generate & view the log files. If yes please suggest the tool.
If auditing is disabled in the local policy, then there would not be any entries in the security event log.
I know that, but im wondering if there is any tool on the market which can provide me with the log details. For eg: if i install a particular software on the server it could produce the events that took place when auditing was disable
Ok, to clarify, in the Windows Event Audit logs, you have the Application, System, and Security event logs, as well as some other Windows Services such as DNS will have their own as well.
When it comes to applications, events related to the application can be written to the Application log. However, that is a function of hte application. its not built into Windows. Some applications write to their own logs, while others choose to write the Windows application log.
Auditing is ONLY required for security related events, not system or application logs.
Windows comes with its built-in viewer. Its called the Event viewer. You can access it from your Administrative tools. it allows you to search and view each item in detail.