Managing the Event Viewer

All operating system security events in Windows Server 2003, Windows 2000, and Windows XP are recorded in the Event Viewer Security log. In addition, security-related events might be recorded in the Application log and System log.

Before you enable audit policies, you must evaluate whether the default configuration of the log files in the Event Viewer is set properly for your organization. The default settings for the security Event log are shown in Figure 15-1.

Figure 15-1. Security Event log default settings

For each Event log, you must determine the following:

  • Storage location

  • Maximum log file size

  • Overwrite behavior ...
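
The following added example (not from the book) reports the three settings listed above for the Application, Security, and System logs by reading the `File`, `MaxSize`, and `Retention` values under the Eventlog service registry key. It assumes PowerShell 2.0 or later and an administrator session; the `$MinSizeKB` review threshold is a constructed value, not a recommendation from the text.

```powershell
# Added example: report storage location, maximum size and overwrite behavior
# for each standard Event log, read from the Eventlog service registry keys.
$MinSizeKB = 16384   # constructed review threshold (assumption, adjust to your policy)
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

function ConvertTo-Unsigned($Value) {
    # The registry provider returns DWORDs as signed Int32, so 0xFFFFFFFF reads as -1.
    $n = [long]$Value
    if ($n -lt 0) { $n += 4294967296 }
    return $n
}

function Get-OverwriteBehavior([long]$Retention) {
    # Retention: 0 = overwrite as needed, 0xFFFFFFFF = never overwrite,
    # any other value = minimum event age in seconds before it may be overwritten.
    if ($Retention -eq 0) { return 'Overwrite events as needed' }
    if ($Retention -eq 4294967295) { return 'Do not overwrite events (clear log manually)' }
    $days = [math]::Round($Retention / 86400, 1)
    return "Overwrite events older than $days days"
}

$report = foreach ($log in 'Application', 'Security', 'System') {
    $key = Join-Path $base $log
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) {
        Write-Warning "Cannot read $key (missing key or insufficient rights)"
        continue
    }
    $sizeKB = [math]::Floor((ConvertTo-Unsigned $p.MaxSize) / 1KB)
    New-Object PSObject -Property @{
        Log            = $log
        File           = $p.File          # REG_EXPAND_SZ, returned already expanded
        MaxSizeKB      = $sizeKB
        Overwrite      = Get-OverwriteBehavior (ConvertTo-Unsigned $p.Retention)
        BelowThreshold = ($sizeKB -lt $MinSizeKB)
    }
}

$report | Select-Object Log, File, MaxSizeKB, Overwrite, BelowThreshold |
    Format-Table -AutoSize
```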
