Archiving the Security Log
Archiving security logs allows you to maintain a history of security-related events. Many organizations have policies on keeping archive logs for a specified period to track security-related information over time. When you archive a log, the entire log is saved, regardless of filtering options.
To archive a security log, complete the following steps:
1. Open the Event Viewer console.
2. Right-click Security in the console tree, and then click Save Log File As.
3. In the Save As dialog box, in the File Name list, type a name for the log file to be archived.
4. In the Save As Type list, click a file format, and then click Save.
If you archive a log in log-file format, you can reopen it in the Event Viewer console. Logs saved as event log files (*.evt) retain the binary data for each event recorded. If you archive a log in text or comma-delimited format (*.txt and *.csv, respectively), you can reopen the log in other programs such as word-processing or spreadsheet programs. Logs saved in text or comma-delimited format do not retain the binary data and cannot be reopened in the Event Viewer console.
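A scripted equivalent of the archive procedure above, as an added example that is not part of the original lesson. It assumes Windows Vista/Server 2008 or later (where `wevtutil.exe` exists and the native log-file format is .evtx rather than .evt), PowerShell 4.0 or later, and an elevated prompt; the function name, the `D:\LogArchive` folder and the `SHA256SUMS.txt` manifest are hypothetical names chosen for illustration.

```powershell
# Added example: archive the complete Security log and record its hash.
# Assumptions: wevtutil.exe is available, the prompt is elevated, and
# D:\LogArchive is a placeholder for your archive location.
function Export-SecurityLogArchive {
    param(
        [string]$ArchiveDir = 'D:\LogArchive'   # placeholder path
    )

    if (-not (Test-Path -LiteralPath $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }

    # UTC timestamp in the name keeps archives ordered and unique per host.
    $stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
    $name  = 'Security-{0}-{1}.evtx' -f $env:COMPUTERNAME, $stamp
    $file  = Join-Path $ArchiveDir $name

    # Never overwrite an earlier archive.
    if (Test-Path -LiteralPath $file) {
        throw "Archive already exists, refusing to overwrite: $file"
    }

    # epl = export-log. No /q query is passed, so every record is exported,
    # matching the behaviour described above: the entire log is saved.
    & wevtutil.exe epl Security $file
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil failed with exit code $LASTEXITCODE (is the prompt elevated?)"
    }

    # Record a SHA-256 hash so later tampering with the archive is detectable.
    $hash = Get-FileHash -LiteralPath $file -Algorithm SHA256
    '{0}  {1}' -f $hash.Hash, $name |
        Add-Content -LiteralPath (Join-Path $ArchiveDir 'SHA256SUMS.txt')

    Get-Item -LiteralPath $file
}

Export-SecurityLogArchive -ArchiveDir 'D:\LogArchive'
```

The resulting file keeps the binary event data and can be reopened in Event Viewer in the same way as a manually saved log file.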
To view an archived security log, complete the following steps:
1. Open the Event Viewer console.
2. Right-click the security log in the console tree, and then click Open Log File.
3. In the Open dialog box, click the file you want to open. You might need to search for the drive or folder that contains the document.
4. In the Log Type list, select Security for the type of log to be opened.
5. In the Display Name box, type the name of the file as you want it to appear in the console tree, and then click Open.
To remove an archived log file from your system, delete the file in Windows Explorer.
Exercise 3: Clearing and Archiving the Security Log
In this exercise, you clear the security log, archive a security log, and view the archived security log.
To clear and archive the security log
1. Use the procedure provided earlier in this lesson to clear and archive the security log. Save the log in a file named Archive.evt.
2. Use the procedure provided earlier in this lesson to view the archived security log file named Archive.evt.
You filtered a security log to display only certain events. Then you archived this log. What information is saved?
a. The entire log is saved
b. The filtered log is saved
c. The entire log and the filtered log are each saved separately
d. No log is saved