Trying to find acccount whihc deleted a folder

[dlukinski]

Hello Nagios support

We are new customer, which have configured LOG servers and receiving logs for 2 weeks.
Got folder which was deleted back on 17th, but unable to query for event (do not know how)
- have folder name
- have 2 dates
- have event ID (must be 4660)

Somehow logs only come for today's date. Opening other dates logs do not help.
Unsure what to do

[jolson]

Are you sure that your Windows Server is logging folder deletion events?

If so, you should be able to query for the log as follows.

1. Navigate to 'Dashboard' and pick a timeperiod using the timeperiod button. Be sure to select a timeperiod during which the deletion event likely occured.

2015-11-23 13_42_40-Dashboard • Nagios Log Server.png

2. Find the 'EventID' field and apply it as a filter using the magnifying glass icon. (At this point the eventID does _not_ have to be the correct number).

2015-11-23 13_51_47-Dashboard • Nagios Log Server.png

3. Note that a new filter has been added to your search. You may now edit this filter and input the appropriate eventID.

2015-11-23 13_53_00-Dashboard • Nagios Log Server.png

2015-11-23 13_53_59-Dashboard • Nagios Log Server.png

Now press 'Apply'. The logs displayed are any logs matching eventID 4660. If you need to further filter down your log contents, make use of any field that you see as valuable (host may be another good filter to add).

[dlukinski]

Thank you

Please close the case

[bwallace]

Glad we were able to help. We'll lock this thread now and feel free to open another should you require assistance with anything else.