1 Reply Latest reply on Mar 3, 2014 8:59 AM by evanr

    Logs for Clearing/stopping Audit logging




      I have installed LEM and configured Windows Application, Security, Active Response and Systems logs.


      I need to find the logs if someone stop. clear or access the Logs in Windows machines, where agents installed.


      I tried to clear the logs and also stopped the event viewer service. Both event generated logs in the respective machines but I dont see them in the "ndepth".  Am I doing something wrong.


      By the way connector output is set to Alert i.e. not to Alert and ndepth-- will this affect it.


      Is there any Rule to see the logs for Audit stop/start/access ????


      Please advise.