Announcement

Collapse
No announcement yet.

Audit logs create,modify,delete etc

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Audit logs create,modify,delete etc

    I just need the audit logs of a single folder "Test". So I do the following tasks:

    First go to folder property -> Advance -> Auditing Tab -> Add user group. Check on all success & failure box.

    Then Enable Audit logon event & Enable Audit Object Access.

    In Event Viewer Security logs, a bulk of logs created continuously having Event ID 5152, 4663 & 4654.

    When I disable Audit Object Access the bulk logs creation stop also no logs created about the folder "Test" access, modify or delete records.
    Please tell me how can I manage & view audit logs(create,modify,delete etc) a folder.


  • #2
    ??? Sorry what.

    You enabled it then disabled it now you want to know how to manage the logs??

    Comment


    • #3
      It can be quite daunting when you realise how much data is produced when you start auditing folder access. If you wish to capture all data you will need to set the Security Log Properties to archive the log after a set size limit is reached (otherwise events will be overwritten or not recorded depending on your settings), and you need to make sure that you have enough space on the system drive to store them (or you move them to a different drive/computer).
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Sorry I wasn't give u exact problem.
        I only need the audit logs of a single folder "Test"& other default logs.
        some bulk of logs created continuously having Event ID 5152, 4663 & 4654. how can i stop it ?
        Is there any way that I can modified Security logs & it generate only my selected logs.

        Comment


        • #5
          Auditing object access requires two levels:
          Turn on in Group Policy
          Enable at individual file object level

          It sounds as if you are auditing a wider range of folders/drives than you need
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Thanks for the reply.
            I select auditing setting for the Test folder. Check all Successful & failed box.
            but still no event created in windows logs -> security tab.
            should I enable Audit Object Access in group policy too ?
            because if I enable it bulk of logs created continuously then it's very difficult to check the exact Test folder audit

            Comment


            • #7
              You must enable in Group Policy (or no auditing will occur), but you also need to look for auditing on other folders/files on the server and remove that
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Thanks for the response I got the solution.
                Enable in Group Policy & then created a Custom views filter. Now I can view all the folder audit logs from there.

                Comment

                Working...
                X