5.11. Configuring the auditing policy on Windows

This section describes how to configure the logging and auditing policy on various versions of Microsoft Windows. The syslog-ng agent can transfer log messages only about those events that are actually logged, so the audit policy has to be configured to log the important events.

Microsoft Windows operating systems can record a range of event types, from a system-wide event such as a user logging on, to an attempt by a particular user to read a specific file. Both successful and unsuccessful attempts to perform an action can be recorded. The audit policy specifies the types of events to be audited. When such an event occurs, an entry is added to the log file of the computer.
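As an added example (not part of the original syslog-ng documentation), the following PowerShell function lists the audit subcategories that are not recorded for both success and failure, and that the agent therefore cannot forward in full. It assumes Windows Vista/Server 2008 or later with English-language `auditpol` output; the function name `Get-AuditGap`, the list of required subcategories and the sample rows are constructed for illustration.

```powershell
# Subcategories this example treats as required (an assumption; adjust to your policy).
$Required = 'Logon', 'Logoff', 'Process Creation', 'Audit Policy Change'

# Constructed sample in the CSV layout printed by: auditpol /get /category:* /r
# Host name and GUIDs are placeholders, not real values.
$SampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{00000000-0000-0000-0000-000000000001},Success and Failure,
HOST01,System,Logoff,{00000000-0000-0000-0000-000000000002},Success,
HOST01,System,Process Creation,{00000000-0000-0000-0000-000000000003},No Auditing,
'@

function Get-AuditGap {
    param(
        [string[]]$CsvLines,   # lines of "auditpol /get /category:* /r" output
        [string[]]$Required    # subcategory names that must be fully audited
    )
    # Drop blank lines, then parse the remaining lines as CSV with a header row.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Required) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        # A subcategory missing from the report is treated as a gap as well.
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        if ($setting -ne 'Success and Failure') {
            [pscustomobject]@{ Subcategory = $name; Setting = $setting }
        }
    }
}

# Run against the constructed sample.
Get-AuditGap -CsvLines ($SampleCsv -split '\r?\n') -Required $Required

# On a live host, from an elevated prompt:
#   Get-AuditGap -CsvLines (auditpol /get /category:* /r) -Required $Required
# To enable a reported subcategory:
#   auditpol /set /subcategory:"Logon" /success:enable /failure:enable
```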

The following is a brief overview of how to configure the audit policy on various versions of Microsoft Windows. For details, consult the documentation of your operating system, or visit Microsoft TechNet at http://technet.microsoft.com/. For details on configuring the auditing and logging of various applications, such as the IIS Server or the ISA Server, consult your product documentation.


© 2007-2010 BalaBit IT Security