Archiving a Log File and Clearing Events

Since today's disk drives take up so little space and there are many different types of removable media, from floppy disks to CD-R discs, you may never need to clear the events in a log file without first archiving the log file. Once you have archived a log file, you can copy the archived file to removable media or include it in your normal backup schedule so that it is kept for a long period of time. Keep in mind that viruses and Trojan horses may take many months to either start causing problems or draw attention! If you keep your log files archived, you may be able to use them (talk to your lawyers) to provide an audit trail that can help you identify how the system was infiltrated in the first place. For example, you might find in an old log file that a user account was used during off-hours, indicating that the employee has some explaining to do. Keeping log files archived for at least a year is a good idea.

To archive a log file, follow these steps:

