How to audit Windows OS? – Event Viewer

Nowadays any administrator or systems auditor wants to obtain as much information as possible about the events that happen on a given system. By default, none of this is configured on any Windows edition; however, the steps are simple.

This article is based on Windows Server 2012 R2 (the Event Viewer, however, works the same way on any Windows version: 7, 8, 8.1, 10, etc.). There are different types of events, which generate different log files that are sent to the Event Viewer for analysis, organised under the following structure:

1. Application

2. Security

3. Setup

4. System

5. Forwarded Events

[Screenshot 1: Event Viewer]

The previous screenshot shows the Event Viewer, the tool this article is about. Microsoft ships it with every one of its operating systems to monitor the whole system: each event, whether it “Succeeded” or “Failed” (logon, logoff, applications started, application failures, etc.), can be opened to obtain more in-depth information, so that you can interpret the failure and perform some troubleshooting based on what you find.

How do you enable auditing for the different types of events, specifically for the two outcomes, “success” and “failure”?

To do this, carry out the following steps:

> Start

> Type/Open “Local Security Policy”.

> Expand “Local Policies”.

> Select “Audit Policy”.

> In the right-hand pane, double-click the event you wish to monitor and select its status: Success and/or Failure.

> Click OK.

> Close.

Once you have configured the events you want to monitor, open the Event Viewer (see screenshot 1, Event Viewer); after a few minutes you will see more information about each event type you have just enabled (success / failure). You can also have other applications or software configured to collect that information for analysis, for example ArcSight, Splunk, QRadar, etc.
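As an added example that is not part of the original post, the following PowerShell script checks whether the logon audit policy is actually enabled and then summarises the Security-log events it produces, which is what an auditor or a SIEM such as the ones named above would consume. It assumes an elevated PowerShell session on Windows Server 2012 R2 or later; the event IDs 4624 (successful logon) and 4625 (failed logon) are the standard Security-log IDs generated by the “Audit logon events” setting.

```powershell
# Added example (not from the original post): verify that logon auditing is
# enabled and summarise the resulting Security-log events.
# Assumes an elevated session; 4624 = successful logon, 4625 = failed logon.

# 1. Show the effective audit policy for the Logon/Logoff category.
#    Each subcategory reports Success, Failure, Success and Failure, or No Auditing.
auditpol /get /category:"Logon/Logoff"

# 2. Pull the last 24 hours of logon successes and failures from the Security log.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No 4624/4625 events since $since. Check that 'Audit logon events' is set to Success/Failure."
    return
}

# 3. Convert each event to XML so the named EventData fields can be read reliably
#    (positional Properties indexes differ between 4624 and 4625).
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        Account   = "$($d.TargetDomainName)\$($d.TargetUserName)"
        LogonType = $d.LogonType
        Source    = $d.IpAddress
    }
}

# 4. Summaries an analyst looks at first: totals per result, then the
#    account/source pairs with the most failures (repeated failures against
#    one account from one source are worth investigating).
$rows | Group-Object Result | Select-Object Name, Count | Format-Table -AutoSize
$rows | Where-Object Result -eq 'Failure' |
    Group-Object Account, Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
```

If step 1 reports “No Auditing” for the logon subcategories, the Local Security Policy change described above has not taken effect yet (run `gpupdate /force` or wait for the policy refresh) and step 2 will return nothing.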
