How to view Active Directory (AD) event logs
Get it Done with ADAudit PlusNative auditing
Active Directory event logs can be viewed using the Event Viewer, which is a native tool provided by Microsoft. However, your domain's audit policy needs to be turned on first.
- Step 1: This can be done by going to your Group Policy management console → Domain policy → Computer configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy/Advanced audit policy configuration.
- Step 2: Select the events you want to audit.
- Step 3: Now to view the AD event logs for these, go to Administrative tools → Event Viewer.
- Step 4: Select the type of AD audit logs that you wish to view (ex: Application, System, etc.).
You can filter these logs to view just what you need.
Unfortunately, the Event Viewer has a log storage capacity of 4GB, and logs are overwritten as needed. Also, the clutter in these logs makes it hard for you to get a clear picture of events happening in the domain. These limitations make the Event Viewer a subpar auditing tool for Active Directory.
Viewing Active Directory security logs using ADAudit Plus
ADAudit Plus lets you view AD event logs in the form of neat, categorized reports. This way, you don't need to scroll endlessly through a jumble of security logs, spend hours filtering out events, or worry about events being overwritten due to limited storage. ADAudit Plus does all the work for you. Here is a sample report of group modification events.
ADAudit Plus lets you export these logs to any SIEM tool and even import EVT/EVTX logs from an external source. These reports can be exported as a CSV, PDF, XLS, or HTML file, and scheduled to be sent to you at a time of your choice. They can be archived and saved anywhere locally, so administrators don't need to worry about limitations in storage like with native tools.
This way, logs from past events can be stored for as long as needed to be used for forensics and compliance. The alerting module of ADAudit Plus sends you real-time notifications in case of any critical event.
ADAudit Plus has real-time audit reports for:
- User logon auditing
- File server auditing
- AD objects auditing
- Windows Server auditing
- Removable storage auditing
And more!
Your AD logs are also compiled into preconfigured compliance reports to help you satisfy industry regulations.
Learn more about how ADAudit Plus can help you audit your AD.
Native auditing becoming a little too much?
Simplify file server auditing and reporting with ADAudit Plus.
Download for Free