1 Reply Latest reply on Mar 3, 2014 8:59 AM by evanr

    Logs for Clearing/stopping Audit logging

    freewill

      Hi,

      I have installed LEM and configured Windows Application, Security, Active Response and Systems logs.

      I need to find the logs if someone stops, clears or accesses the logs on Windows machines where agents are installed.

      I tried to clear the logs and also stopped the event viewer service. Both events generated logs in the respective machines, but I don't see them in the "ndepth". Am I doing something wrong?

      By the way, the connector output is set to Alert, i.e. not to Alert and ndepth. Will this affect it?

      Is there any rule to see the logs for audit stop/start/access?

      Please advise.

      Regards