Hi All,
I've come to an organisation that is using Log and Event Manager and my predecessor, who was part of the installation by a third party, is no longer at the company.
To put it bluntly, we don't particularly like the product and find it a pain to use and would like to be able to view events in the server event logs.
Here lies my problem, when i look for a particular event 4740 (account lockout), there are none listed since (I presume) when LEM was installed.
I am able to see current events in LEM of this type and i have checked that auditing is turned on in group policy so I can only imagine that LEM is polling and deleting the logs.
If this is the case, how can i prevent this?
Regards