1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Event Logs

Discussion in 'Windows XP' started by ia1234, Apr 26, 2010.

  1. ia1234

    ia1234 Flightless Bird

    Dear All,

    Is there a standard configuration/policy file in Windows XP that determines
    which events are written in the event logs (be it application log, security
    log, system log), and which events wont be written to these logs. Like a
    policy file determing which you wuill find and which you wont? If so where is
    its location? I have used event viewing tools before to determine if someone
    printed a document, cant remember event ID of top of my head but on some
    machines this is stored, in the event logs, on others it is not, so to save
    me some time in analysis if there is an event policy file I could do with
    knowing about it.
     
  2. Don Phillipson

    Don Phillipson Flightless Bird

    "ia1234" <ia1234@discussions.microsoft.com> wrote in message
    news:66891111-163B-43BB-B414-9C1C7AC9542E@microsoft.com...

    > Is there a standard configuration/policy file in Windows XP that

    determines
    > which events are written in the event logs (be it application log,

    security
    > log, system log), and which events wont be written to these logs. Like a
    > policy file determing which you wuill find and which you wont?


    No: there is no standard or uniform set of protocols. Events that
    may be logged are so different (e.g. installation of the OS, installation
    or update of an application, an Internet session) that no uniform
    list of events would satisfy all users of all logs.

    --
    Don Phillipson
    Carlsbad Springs
    (Ottawa, Canada)
     
  3. John John - MVP

    John John - MVP Flightless Bird

    ia1234 wrote:
    > Dear All,
    >
    > Is there a standard configuration/policy file in Windows XP that determines
    > which events are written in the event logs (be it application log, security
    > log, system log), and which events wont be written to these logs. Like a
    > policy file determing which you wuill find and which you wont? If so where is
    > its location? I have used event viewing tools before to determine if someone
    > printed a document, cant remember event ID of top of my head but on some
    > machines this is stored, in the event logs, on others it is not, so to save
    > me some time in analysis if there is an event policy file I could do with
    > knowing about it.


    As far as I know the Event Log does not record printing activity, if you
    were/are seeing these kind of events you were/are probably using third
    party software to accomplish this. Or perhaps you were/are doing file
    auditing on a particular document...

    John
     

Share This Page