Windows 10 Nobody can answer - logs

OhComeOnSeriously (New Member, joined Apr 12, 2022, 1 message)

Hello,

Is there any computer person on Earth able to answer this question?

How to find logon / access logs that go back 2 years? Vs. the event logs on the PC itself that go only 6 months?

In other words, how to see who and when people in our large company logged on and off etc. of the network? 2 years' worth vs. the 6 months the PC event logs show?

Our IT department has full access, but they claim it can't be done.
 


Solution
It depends - on the maximum configured log file size and what Windows is to do when the log fills. By default, the initial log file size for all logs is 20MB, and when that fills it is overwritten. That being the case, your logs from two years ago are likely overwritten and thus gone.

Open the Event Viewer and expand the Windows Logs folder so that you see the various logs (Application, Security, System, etc.). Right-click on each log type and select 'Properties'. In there you can change the log file size and indicate what to do when it fills - archiving would seem the best choice for you. You can also see when each log file was created and its current size.
 


Solution
Unless you have a full-disk image backup from then, this is very unlikely. Even if you have shadow copies or something similar enabled, as far as I know, it only captures user directories, not system directories.

I don't see how a login from two years ago would be relevant now.
 


At a host level (Windows), events are stored in the Security log for logon activity. The default log size is ~20MB, which is not that much but can be adjusted manually or via GPO. The default behavior is that the oldest logs are overridden as space runs out.

If a company has a mature cyber security program in place, they will have a tool called a SIEM in place, which is a centralized log aggregator and event analysis platform. Depending on the size of the company, budget and any compliance requirements, log retention may not be long enough. Most companies may keep up to 1 year of logs, with a potential of more in some form of archive. The longest log retention I've seen is 16 months.
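
The Event Viewer settings and Security log behavior described in the answers above can also be checked and changed from an elevated PowerShell prompt. This is an added example, not code from any poster in the thread; the function names are hypothetical and the 1 GB size is an assumed value.

```powershell
# Added example: inspect and adjust Security log retention on one host.
# Run elevated; reading the Security log requires administrator rights.

function Get-LogRetentionReport {
    param([string]$LogName = 'Security')

    $cfg = Get-WinEvent -ListLog $LogName
    # The oldest surviving record shows how far back this host can actually answer.
    $oldest = Get-WinEvent -LogName $LogName -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue

    [pscustomobject]@{
        LogName       = $cfg.LogName
        MaxSizeMB     = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
        CurrentSizeMB = [math]::Round($cfg.FileSize / 1MB, 1)
        # Circular = overwrite oldest, AutoBackup = archive when full, Retain = stop when full
        LogMode       = $cfg.LogMode
        RecordCount   = $cfg.RecordCount
        OldestEvent   = if ($oldest) { $oldest.TimeCreated } else { $null }
        CoverageDays  = if ($oldest) { [int](((Get-Date) - $oldest.TimeCreated).TotalDays) } else { 0 }
    }
}

function Set-LogArchiveOnFull {
    param(
        [string]$LogName = 'Security',
        [long]$MaxSizeBytes = 1GB   # assumed value; size it to your own event volume
    )
    # /rt:true with /ab:true is the "Archive the log when full" option in Event Viewer.
    wevtutil sl $LogName "/ms:$MaxSizeBytes" /rt:true /ab:true
}

function Get-LogonLogoffSummary {
    param([int]$Days = 30)
    # 4624 = successful logon, 4634 = logoff, 4647 = user-initiated logoff
    $filter = @{ LogName = 'Security'; Id = 4624, 4634, 4647; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id, { $_.TimeCreated.Date } |
        Select-Object Count, Name
}

Get-LogRetentionReport
# Set-LogArchiveOnFull            # uncomment to switch the log to archive-when-full
# Get-LogonLogoffSummary -Days 7  # logon/logoff counts per day still present in the log
```

Archived `.evtx` files are written next to the live log, so they still need to be moved off the host or forwarded to central storage to build up long-term retention.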
 

