Results 1 to 4 of 4
  1. #1
    Star Lounger
    Join Date
    Apr 2010
    Posts
    77
    Thanks
    6
    Thanked 8 Times in 6 Posts
    Hi there,

    In troubleshooting a problem with an application this evening on XP SP3 and I checked the event viewer log under Computer Management. The "application" log is showing recent events, but I noticed that the logs for both "Internet Explorer" and "Security" are completely blank. The "system" log has not updated since February 2009! I checked the filter settings but they appear to be OK.

    I am sure there is a simple setting such as a service disabled, but which one? The "Event Log" service is switched on auto and status is started.

    Any suggestions much appreciated, thanks.

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    On my XP (Windows 7 XP mode), no events for Internet Explorer (neither on Windows 7, for that matter). Security is also completely blank, exception to an event added when XP was installed. So these look perfectly normal to me. System should have a few more events, though.
    Rui
    -------
    R4

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Have a look through here

    Re: Event Logs/Event Viewer
    Event Viewer Group Policy Audit logon events

    Right click Application | Properties | Filter tab |
    Make sure that all Event types are selected.

    Right click Security | Properties | Filter tab |
    Make sure that all Event types are selected.

    Right click System | Properties | Filter tab |
    Make sure that all Event types are selected.

    If XP Pro, Group Policy. I have no idea with XP Home.

    Open Group Policy Editor...
    Start | Run | Type: gpedit.msc | Click OK |

    Set both Audit account logon events & Audit logon events for Success &
    Failure

    From Group Policy HELP...

    [[Audit account logon events
    Computer Configuration\Windows Settings\Security Settings\Local
    Policies\Audit Policy

    Description
    Determines whether to audit each instance of a user logging on to or logging
    off from another computer in which this computer is used to validate the
    account.

    If you define this policy setting, you can specify whether to audit
    successes, audit failures, or not audit the event type at all. Success
    audits generate an audit entry when an account logon attempt succeeds.
    Failure audits generate an audit entry when an account logon attempt fails.
    To set this value to no auditing, in the Properties dialog box for this
    policy setting, select the Define these policy settings check box and clear
    the Success and Failure check boxes.

    If success auditing for account logon events is enabled on a domain
    controller, an entry is logged for each user who is validated against that
    domain controller, even though the user is actually logging on to a
    workstation that is joined to the domain.

    Default:
    No auditing for domain controllers.
    Undefined for a member computer. ]]

    [[Audit logon events
    Computer Configuration\Windows Settings\Security Settings\Local
    Policies\Audit Policy

    Description
    Determines whether to audit each instance of a user logging on to, logging
    off from, or making a network connection to this computer.

    If you are logging successful Audit account logon events on a domain
    controller, workstation logon attempts do not generate logon audits. Only
    interactive and network logon attempts to the domain controller itself
    generate logon events. In short, "account logon events" are generated where
    the account lives; "logon events" are generated where the logon attempt
    occurs.

    If you define this policy setting, you can specify whether to audit
    successes, audit failures, or not audit the event type at all. Success
    audits generate an audit entry when a logon attempt succeeds. Failure audits
    generate an audit entry when a logon attempt fails. To set this value to no
    auditing, in the Properties dialog box for this policy setting, select the
    Define these policy settings check box and clear the Success and Failure
    check boxes.

    Default: No auditing.]]

    --
    Hope this helps. Let us know.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  4. #4
    Star Lounger
    Join Date
    Apr 2010
    Posts
    77
    Thanks
    6
    Thanked 8 Times in 6 Posts
    Thanks Clint, that worked, including initially setting to re-setting to defaults.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •