Configuring the Event Logs

Authorized administrators can define security settings for the event logs. The choices are somewhat limited, and include log size, the length of time a log should be stored, and when the log should be cleared. Each event log can be configured individually.

  1. Click Start, select Programs, select Administrative Tools, click Computer Management.

  2. In the console tree, click Event Viewer. Right-click Security and select Properties.


  3. The Security Properties window will appear. Here authorized administrators can set the Maximum log size and select what action to take when the maximum log size is reached.


    • To restore the default settings, click Restore Defaults.

    • To clear the log, click Clear Log.

Under Log size, select one of these options:

    • If the log is not to be archived, click Overwrite events as needed.

    • To archive the log at scheduled intervals, click Overwrite events older than and specify the appropriate number of days. Be sure that the Maximum log size is large enough to accommodate the interval.

    • To retain all the events in the log, click Do not overwrite events (clear log manually). This option requires that logs be cleared manually. When the maximum log size is reached, new events are discarded. If the event log is not cleared and archived regularly, the following message will appear.

[Screenshot: message displayed when the security log is full]

  4. After establishing the security log settings, click the Apply button.

  5. The Security Properties window also provides the ability to set filters on the event log to perform searches and sorting of audit data. To filter an existing event log in order to view or save specific security events, select the Filter tab and configure the filter.

  6. To configure the filter, select the Event types to include by checking or unchecking the selection boxes next to Information, Warning, Error, Success Audit, and Failure Audit, then enter any additional filtering requirements by Event source, Category, Event ID, User, or Computer. Descriptions of these selection options are provided in the previous subsection, Viewing the security log.

  7. By default, the entire event log is filtered for viewing by the parameters selected above. If desired, select a date and time range for the events to be viewed. First click the From: drop-down menu and change the selection to Events On. The date and time boxes become active. Change the date by opening the drop-down menu and choosing a date from the calendar that is presented. Change the time by using the up and down arrows in the time box. Follow the same procedure for the To: drop-down menu, changing the selection to Events On, and set the date and time for the last event as described above.

  8. Once all the desired filtering options have been selected, click the Apply button and click OK. The Event Viewer will filter the log and display the information as defined by the filter.
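The same log settings and filter, scripted so they can be applied and checked consistently across hosts. This is an added example, not part of the original procedure: it assumes a later Windows release with Windows PowerShell 5.1 and an elevated session, and the size, retention period, archive folder and time range are constructed sample values.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Security Properties dialog.
# All sizes, day counts and paths below are constructed sample values.

$log = 'Security'

# "Overwrite events older than": keep at least 7 days of events.
# MaximumSize must be a multiple of 64KB and large enough to hold the interval.
Limit-EventLog -LogName $log -MaximumSize 128MB -OverflowAction OverwriteOlder -RetentionDays 7

# The other two choices offered under Log size:
#   Limit-EventLog -LogName $log -OverflowAction OverwriteAsNeeded
#   Limit-EventLog -LogName $log -OverflowAction DoNotOverwrite   # log must be cleared manually

# Read the settings back to confirm what is actually in effect.
Get-EventLog -List |
    Where-Object { $_.Log -eq $log } |
    Select-Object Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays

# With DoNotOverwrite, new events are discarded once the log is full,
# so archive the log before clearing it. Hypothetical helper name and folder.
function Backup-AndClearLog {
    param(
        [string]$LogName = 'Security',
        [string]$ArchiveDir = 'C:\LogArchive'
    )
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $ArchiveDir "$LogName-$stamp.evtx"
    # wevtutil cl clears the log; /bu: saves a backup copy first.
    wevtutil cl $LogName "/bu:$file"
    if ($LASTEXITCODE -ne 0) { throw "Archive and clear of $LogName failed." }
    return $file
}
# Backup-AndClearLog -LogName $log    # run on the archive schedule

# Filter tab equivalent: Failure Audit events within a date and time range.
# Further criteria map to -Source, -InstanceId, -UserName and -ComputerName.
$from = (Get-Date).AddDays(-1)   # "From: Events On"
$to   = Get-Date                 # "To: Events On"
Get-EventLog -LogName $log -EntryType FailureAudit -After $from -Before $to |
    Select-Object TimeGenerated, EventID, Source, UserName, MachineName
```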