Events not posted in security section

[karthikaravind]

I could see no events are posted under the security section
All the necessary options are enabled
overwritte events older than 7 days
Maximum log size 512 KB
under the filter section
All the event types are checked
Event source - all
category - All
I am working under administrative pr
Could some one please tell me what is wrong ?

 

[Johnw]

I could see no events are posted under the security section
All the necessary options are enabled
overwritte events older than 7 days
Maximum log size 512 KB
under the filter section
All the event types are checked
Event source - all
category - All
I am working under administrative pr
Could some one please tell me what is wrong ?

Mine is the same.

xp event viewer security

http://qdeo.com/o30

 

[Jose]

I could see no events are posted under the security section
All the necessary options are enabled
        overwritte events older than  7 days
        Maximum log size 512 KB
under the filter section
        All the event types are checked
        Event source - all
        category - All
I am working under administrative pr
Could some one please tell me what is wrong ?

Logging of Security Events in disabled by default in XP, so unless
someone enables security auditing by establishing a security policy
and specifying things to watch for, it will remain empty. Nothing is
wrong if it is empty.

Here is a KB to get you started: http://support.microsoft.com/kb/157662

You can check out your security policies by going to Start, Run,
secpol.msc

All the audit polices are probably set to No auditing (default). Turn
on a simple one like audit logon events, then logoff and back on and
you should see something.

The Security log can fill up fast (and then be overwritten).

Jose

 

[Gerry]

Jose

"Logging of Security Events in disabled by default in XP"

I do not think you are right here. I have never made any changes when
reinstalling and the Security log has always been populated. I only use
Home Edition. The situation could be different with Professional, where
the Administrator can set Policy options.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Gerry]

karthikaravind

What version of Windows XP? Is it Home Edition. Professional or?

If you are using Home Edition the problem arises from a setting you have
changed and not realised the consequence or it is malware damage. Have
events previously been recorded in the Security log?

Are the System and Application logs recording events? Note events are
never recorded in the Internet Explorer log.

Which properties did you view to get your information? Was it Event
Viewer ( Local ) or Security? Have you tried clicking on the Restore
Defaults button?


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Jose]

Jose

"Logging of Security Events in disabled by default in XP"

I do not think you are right here. I have never made any changes when
reinstalling and the Security log has always been populated. I only use
Home Edition. The situation could be different with Professional, where
the Administrator can set Policy options.

--

Gerry
 ~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Poor choice of words based on assumption. I am not using Home, and
the OP didn't specify, so we have to guess.

The default installation of XP Pro has the Security Auditing Policies
set to No auditing. I thought I read once that it was just XP in
general now I read Pro and Home are different in this area.

XP Home has some default security policies enabled that "cannot be
administered". That is good to know.

In Pro, the mechanism is there and "enabled", but there is probably
nothing set up to audit to cause something to be written to the
Security log. In Pro this is through the secpol.msc snapin. The
closest equivalent in Home might be lusrmgr.msc which is not on a Pro
system.

If you are using Home and have stuff in your Security log, it would be
interesting to see what your security policies setting are for what
events to log. You can open the events and figure out what is being
audited and then check your policies. I can't do that here.

I can easily get way too much information in the log by choosing to
audit certain events, but just being us chickens here, I don't care.

Even running the Event Viewer to look a the log creates entries in the
Security log since it is an administrative tool!

Back to No auditing for me.

Jose

 

[Gerry]

Jose

I spend a lot of investigating what Event Viewer Reports mean, You may
have noticed <G>. However, I have never investigated the meaning of
Security events for others. System and Application Events give more than
enough to keep me occupied.

I just counted the Security Events listed when I booted this morning.
Quite surprised to find 61 Success Audits. Looked through the whole log
and there are only 4 Failures. All about the same time last Wednesday an
hour after booting.


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
..

 

[Jose]

Jose

I spend a lot of investigating what Event Viewer Reports mean, You may
have noticed <G>. However, I have never investigated  the meaning of
Security events for others. System and Application Events give more than
enough to keep me occupied.

I just counted the Security Events listed when I booted this morning.
Quite surprised to find 61 Success Audits. Looked through the whole log
and there are only 4 Failures. All about the same time last Wednesday an
hour after booting.

--

Gerry
 ~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
.

Yeah - I bet. I turned on some simple policy, ran Event Viewer, and
that put 6 in just for starting EV. Ican imagine if it was set to
full throttle.

I will log it in as one of those many available, yet unexploited XP
features that will remain inactive until I think I need it.

Jose