Auditing Active Directory and Reviewing Audit Logs - Page 2
Reviewing the Audit Logs
The final step in the auditing process is to review your audit logs. Audit events that nobody reads accomplish nothing, and the Security log has a fixed maximum size, so once it fills up the oldest events are overwritten (or, depending on how the log is configured, new events stop being recorded). I strongly recommend making the review a daily process. For example, I make it a point to review my audit logs every morning, right after I change my backup tapes.
To review an audit log, select Start | Programs | Administrative Tools | Event Viewer. When the Event Viewer console opens, you'll see the available logs listed. Select the Security Log to see the results of your auditing. Keep in mind that the Security log contains only the categories you enabled in the audit policy; an event you never configured auditing for will not appear no matter how carefully you search.
Even if you've been very selective about which events you audit, you may still have trouble finding the exact event you're looking for. Fortunately, Event Viewer's Find command makes this process easier. Select the Security Log and then choose Find from the Event Viewer's View menu. The Find In Local Security Log dialog box will open, as shown in Figure 4. This dialog box lets you perform a targeted search on a number of criteria. You can search by event type (Information, Warning, or Error), and you can specify whether you're looking for a success audit or a failure audit. Finally, you can narrow the search by event source, category, event ID, user, computer, or a string in the description.
When you find a specific event in the audit log, keep in mind that the information presented in the list is merely a summary of the event that occurred. You can view the full details of any event by double-clicking it. The detailed view is where the specifics actually live: which account was involved, from which computer, and, for a failure audit, why the attempt failed.
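The search the article performs by hand in the Find dialog can also be scripted, which is what makes a daily review practical on more than one machine. The following is an added example, not code from the article or its author. It assumes a Windows version from Vista/Server 2008 onward, where the Security log uses the four-digit event IDs (4625 is a failed logon; older NT/2000 systems recorded the same thing as event 529), and it must run from an elevated prompt because reading the Security log requires administrator or Event Log Readers rights. The parameter names, the $Hours window, and the output column names are my own choices; the Status and SubStatus values in the comments are standard NTSTATUS codes.

```powershell
# Added example (not from the original article). Daily review of failed
# logons in the Security log, filtered the same way the Find dialog would
# filter: by event ID, time window, and user.
param(
    [int]$Hours = 24,          # look back this far; a daily review covers 24 hours
    [string]$Account = $null   # optional: narrow to one TargetUserName (assumed parameter)
)

$since = (Get-Date).AddHours(-$Hours)

# Server-side filter (fast): log name, event ID, and start time. Other keys
# such as ProviderName or UserID map to the Find dialog's source and user fields.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Client-side: pull the named fields out of each event's XML so we can work
# with user, source workstation, and failure reason instead of the summary text.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $d['TargetUserName']
        Domain      = $d['TargetDomainName']
        Workstation = $d['WorkstationName']
        SourceIp    = $d['IpAddress']
        Status      = $d['Status']      # 0xC000006D = STATUS_LOGON_FAILURE (bad user name or password)
        SubStatus   = $d['SubStatus']   # 0xC0000064 = no such user; 0xC000006A = wrong password
    }
}

if ($Account) { $rows = $rows | Where-Object { $_.User -eq $Account } }

# Summarise who is failing, from where, and how often. A burst of failures for
# one account from one source address is the pattern worth opening in Event
# Viewer and reading in full.
$rows |
    Group-Object User, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'User';      e = { $_.Group[0].User } },
        @{ n = 'SourceIp';  e = { $_.Group[0].SourceIp } },
        @{ n = 'FirstSeen'; e = { ($_.Group | Sort-Object Time)[0].Time } },
        @{ n = 'LastSeen';  e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize

# The scripted equivalent of double-clicking one event to see its full details:
# $events[0] | Format-List *
```

Run it as `.\Review-FailedLogons.ps1 -Hours 24` (the file name is assumed) from an elevated PowerShell session. The same structure works for any other audit event: change the Id in the filter (for example 4624 for successful logons or 4720 for a user account being created) and adjust the EventData field names you extract.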
As you can see, the auditing process is a very important part of your network's security. In this article series, I've walked you through the process of implementing various types of auditing. I've also shown you how to locate specific events within the audit logs.
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.