Announcement

Collapse
No announcement yet.

Saving audit logs to a file question...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Saving audit logs to a file question...

    Hi guys,

    I need your expert opinion to see if this can be done.
    I enabled file/folders auditing with audit object access enabled.The two folders "Sales" and "Accounts" audits log are saved to security event log.
    What I need is to save the audit logs of each folder to individual files. For example "Sales" folder audit logs are saved to sales.log (or sales.evt) and similarly for "accounts" folder. Can this be configured in the server to be done automatically? Thanks.

  • #2
    Re: Saving audit logs to a file question...

    You could write a powershell script to export and clear the log, then set it up as a scheduled task.

    I have one somewhere, but not available right now -- there will be a few on
    http://www.google.co.uk/search?q=pow...DYPX0QXLn4GYBw
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Saving audit logs to a file question...

      Originally posted by Ossian View Post
      You could write a powershell script to export and clear the log, then set it up as a scheduled task.

      I have one somewhere, but not available right now -- there will be a few on
      Thanks Ossian,

      But can it backup selective security logs taking only audit logs for folder "sales" and "accounts" only? I don't want to export the rest. Thanks.

      Comment


      • #4
        Re: Saving audit logs to a file question...

        Yes, you can selectively filter it -- pipe the get-eventlog cmdlet to a where filter
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Saving audit logs to a file question...

          Originally posted by Ossian View Post
          Yes, you can selectively filter it -- pipe the get-eventlog cmdlet to a where filter
          Would Get-WinEvent be a better choice?
          I am not familiar with powershell scripting.
          Which is the easiest and dummy proof?
          Thanks.

          Comment

          Working...
          X