Subject:  Turn on Windows XP Event Logging
Author:   Pamela Y. C. Fong
Date:     Sun Aug  3 10:09:55 PDT 2003


It is helpful to monitor Windows events for signs of hardware, software,
and security problems.  Customize the procedure below for your own
systems to turn on event logging, and use the Event Viewer to inspect the
logs on a regular basis.

1)  Run the Local Security Settings tool.

    Start|Settings|Control Panel|Administrative Tools|Local Security Settings

2)  In the left window page, navigate to the subbranch,

    Security Settings|Local Policies|Audit Policy

          RECOMMENDED AUDIT POLICY SETTINGS
    ----------------------------------------------
        Event Category             Success Failure
    ----------------------------------------------
    Audit Account Logon Events        X       X
    Audit Account Management          X       X
    Audit Directory Service Access
    Audit Logon Events                X       X
    Audit Object Access                       X
    Audit Policy Change               X       X
    Audit Privilege Use                       X
    Audit Process Tracking
    Audit System Events                       X

3)  Run the Event Viewer tool.

    Start|Settings|Control Panel|Administrative Tools|Event Viewer

4)  For each of the three logs, which appear in the left pane,

    Application
    Security
    System

    increase the log size, and enable the log to be overwritten.  To do
    this, right-click on each log, and configure for example,

      Log size
        Maximum log size 9984 KB
        Overwrite events as needed

5)  On a regular basis, run the Event Viewer Tool to examine the logs.

---Pam