Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Event Viewer not recording Security events!!!?????

Status
Not open for further replies.
zaresa

zaresa

IS-IT--Management
Joined
Apr 9, 2002
Messages
72
Location
US
I've noticed that Event Viewer is not recording Security Events on ANY of the servers on our network (both NT 4.0 and 2000 machines).

The config settings for all three event logs is identical and I am able to view all events in the System and Application logs.

Is there some additional setting (?) that I need to configure or is there possibly a tool that someone has deployed to erase these logs?


Any help would be greatly appreciated.
 
Sort by date Sort by votes
You have to enable AUDITING.

Regards
jpaf
 
Upvote 0 Downvote
Hi jpaf,

Auditing IS (and has been) enabled...the only selection not selected is Start/Shutdown/Restart of System.

Funny thing...I am able to view the Security log on the PDC. However, this is the only machine that I can do so on.
 
Upvote 0 Downvote
Are you checking auditing by just opening User Manager for the domain (i.e. the PDC)?

Open the local user manager on a server that security log is not working on and make sure auditing is set locally.

Hope this helps
jpaf
 
Upvote 0 Downvote
We are not using local versions of User Manager (I thought that this was only used on Workgroup machines).

I have been using User Manager for Domains...how can I access or setup a local version of User Manager?
 
Upvote 0 Downvote
JPAF,

None of our servers have the musrmgr.exe file installed (it is not an available option in Administrative Tools. How can I install this?

Thank you - zaresa
 
Upvote 0 Downvote
zaresa - having the same problem; auditing is turned on (has been since Win2K servers installed) but lately, there are "gaps" in the security event logs - eg, on server #1 ("PDC") there are security events up through 9/26, on server #2 ("BDC") there are events from late on 9/26 to 9/27. No events on either from 9/28, 29th or today.

Is this what you are seeing?

Did you recently install SP3 on 2000 servers? I did, and that's seemingly when the issue began.
 
Upvote 0 Downvote
One more thing: make sure your logs are not filling up! The default size is 512K, I usually set the security log up to 7-10Mb so I can hold 30 days of events. I archive and clear every month.

Size: Event Viewer, left click Security Log, then click (menu bar) Action | Properties to see the size. Can increase size on the fly. If the security log gets full, logons can get denied for some seconds while old events are FIFO'd.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Question Question
Explorer Error the operating system is not compatible with this product
Replies
0
Views
255
techbrain1
techbrain1
microsGuy16
  • Locked
  • Question Question
Can not copy files to Mapped drive
Replies
0
Views
967
microsGuy16
microsGuy16
dpellegrini
  • Locked
  • Question Question
Website will load using hostname but not IP address
Replies
3
Views
2K
mangentle
mangentle
andyferris
  • Locked
  • Question Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
456
RRankin355
RRankin355
ADB100
  • Locked
  • Question Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
604
technome
technome

Part and Inventory Search

Sponsor

Back
Top