I have installed LEM and configured Windows Application, Security, Active Response and Systems logs.
I need to find the logs if someone stops, clears or accesses the logs on Windows machines where agents are installed.
I tried to clear the logs and also stopped the event viewer service. Both events generated logs on the respective machines, but I don't see them in the "ndepth". Am I doing something wrong?
By the way, the connector output is set to Alert, i.e. not to Alert and ndepth. Will this affect it?
Is there any rule to see the logs for Audit stop/start/access?
You would have to enable the rule first under Build -> Rules. Then you can set up our action (email), etc.