Section 8.7: Archiving Logs

Archiving security logs allows you to maintain a history of security-related events. This allows you to track trends in Windows XP Professional by comparing logs from different periods. Viewing trends helps you determine resource use and plan for growth. You can also use logs to determine patterns of unauthorized resource access. Windows XP Professional allows you to control the size of the logs and to specify the action that it takes when a log becomes full.

If you want to archive, clear, or view an archived log, select the log you want to configure in Event Viewer, click the Action menu, and then click one of the options described in Table 8.5.

Table 8.5: Options to Archive, Clear, or View a Log File

Option Do This
Archive the log Click Save Log File As and then type a filename.
Clear the log Click Clear All Events to clear the log. Windows XP Professional creates a security log entry stating that the log was cleared.
View an archived log Click New Log View; add another view of the selected log.

Note: When the log file becomes full and you have specify the Do Not Overwrite Events (Clear Log Manually) action, Windows XP Professional stops. You can therefore use this configuration to ensure that Windows XP Professional only operates while auditing occurs.