• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Event Logs

I

ia1234

Flightless Bird
Dear All,

Is there a standard configuration/policy file in Windows XP that determines
which events are written in the event logs (be it application log, security
log, system log), and which events wont be written to these logs. Like a
policy file determing which you wuill find and which you wont? If so where is
its location? I have used event viewing tools before to determine if someone
printed a document, cant remember event ID of top of my head but on some
machines this is stored, in the event logs, on others it is not, so to save
me some time in analysis if there is an event policy file I could do with
knowing about it.
 
D

Don Phillipson

Flightless Bird
"ia1234" <ia1234@discussions.microsoft.com> wrote in message
news:66891111-163B-43BB-B414-9C1C7AC9542E@microsoft.com...

> Is there a standard configuration/policy file in Windows XP that
determines
> which events are written in the event logs (be it application log,
security
> log, system log), and which events wont be written to these logs. Like a
> policy file determing which you wuill find and which you wont?

No: there is no standard or uniform set of protocols. Events that
may be logged are so different (e.g. installation of the OS, installation
or update of an application, an Internet session) that no uniform
list of events would satisfy all users of all logs.

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)
 
J

John John - MVP

Flightless Bird
ia1234 wrote:
> Dear All,
>
> Is there a standard configuration/policy file in Windows XP that determines
> which events are written in the event logs (be it application log, security
> log, system log), and which events wont be written to these logs. Like a
> policy file determing which you wuill find and which you wont? If so where is
> its location? I have used event viewing tools before to determine if someone
> printed a document, cant remember event ID of top of my head but on some
> machines this is stored, in the event logs, on others it is not, so to save
> me some time in analysis if there is an event policy file I could do with
> knowing about it.

As far as I know the Event Log does not record printing activity, if you
were/are seeing these kind of events you were/are probably using third
party software to accomplish this. Or perhaps you were/are doing file
auditing on a particular document...

John
 
You must log in or register to reply here.
Top