Native auditing
Active Directory event logs can be viewed using theEvent Viewer, which is a native tool provided by Microsoft. However, your domain's audit policy needs to be turned on first.
- Step 1: This can be done by going to yourGroup Policy management console→ Domain policy→Computer configuration→ Policies→ Windows Settings→ Security Settings→ Local Policies→ Audit Policy/Advanced audit policy configuration.
- Step 2: Select theevents you want to audit.
- Step 3: Now to view the AD event logs for these, go toAdministrative tools→ Event Viewer.
- Step 4: Select the type of AD audit logs that you wish to view (ex: Application, System, etc.).
You can filter these logs to view just what you need.
Unfortunately, theEvent Viewer has a log storage capacity of 4GB, and logs are overwritten as needed. Also, the clutter in these logs makes it hard for you to get a clear picture of events happening in the domain. These limitations make the EventViewer a subpar auditing tool for Active Directory.
Viewing Active Directory security logs using ADAudit Plus
ADAudit Plus lets you view AD event logs in the form of neat, categorized reports. This way, you don't need to scroll endlessly through a jumble of security logs, spend hours filtering out events,or worry about events beingoverwritten due to limited storage. ADAudit Plus does all the work for you. Here is a sample report of group modification events.
ADAudit Plus lets you export these logs to any SIEM tool and even importEVT/EVTX logs from an external source. These reports can be exported as a CSV, PDF, XLS, or HTML file, and scheduled to be sent toyouat a time of your choice. They can be archived and savedanywhere locally, so administrators don't need to worry about limitations in storage likewithnative tools.
This way, logs from past events can be storedfor as long as needed to be used for forensics and compliance.The alerting module of ADAudit Plus sends you real-time notifications in case of any critical event.
ADAudit Plus has real-time audit reports for:
- User logon auditing
- File server auditing
- AD objects auditing
- WindowsServer auditing
- Removable storage auditing
And more!
Your AD logs are also compiled into preconfigured compliance reports to help you satisfy industry regulations.
Learnmore about how ADAudit Plus can help you audit your AD.