Trying to find account which deleted a folder
Posted: Mon Nov 23, 2015 2:39 pm
by dlukinski
Hello Nagios support
We are a new customer who has configured LOG servers and has been receiving logs for 2 weeks.
We have a folder which was deleted back on the 17th, but are unable to query for the event (do not know how)
- have folder name
- have 2 dates
- have event ID (must be 4660)
Somehow logs only come for today's date. Opening other dates' logs does not help.
Unsure what to do
Re: Trying to find account which deleted a folder
Posted: Mon Nov 23, 2015 2:55 pm
by jolson
Are you sure that your Windows Server is logging folder deletion events?
If so, you should be able to query for the log as follows.
1. Navigate to 'Dashboard' and pick a timeperiod using the timeperiod button. Be sure to select a timeperiod during which the deletion event likely occurred.
2. Find the 'EventID' field and apply it as a filter using the magnifying glass icon. (At this point the eventID does _not_ have to be the correct number).
3. Note that a new filter has been added to your search. You may now edit this filter and input the appropriate eventID.
Now press 'Apply'. The logs displayed are any logs matching eventID 4660. If you need to further filter down your log contents, make use of any field that you see as valuable (host may be another good filter to add).
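Added example, not part of the original post or of Nagios Log Server: Windows event 4660 records the account and a handle ID but not the object name, so the deleted path has to come from the 4663 event on the same host with the same handle ID and DELETE access. The sketch below does that correlation over constructed records; the field names (`EventID`, `HandleId`, `ObjectName`, `SubjectUserName`, `AccessMask`) and the folder path are assumptions about how the exported logs look.

```python
from datetime import datetime, timedelta

DELETE_MASK = 0x10000  # DELETE access right as it appears in the 4663 AccessMask

# Constructed sample records; field names and values are assumptions, not real logs.
EVENTS = [
    {"ts": "2015-11-17T09:14:02", "host": "FS01", "EventID": 4663, "HandleId": "0x1a4",
     "SubjectUserName": "jdoe", "ObjectName": r"D:\Shares\Finance\Q3", "AccessMask": "0x10000"},
    {"ts": "2015-11-17T09:14:02", "host": "FS01", "EventID": 4660, "HandleId": "0x1a4",
     "SubjectUserName": "jdoe"},
    # Read access only: must not be treated as a delete request.
    {"ts": "2015-11-17T10:00:00", "host": "FS01", "EventID": 4663, "HandleId": "0x2b0",
     "SubjectUserName": "asmith", "ObjectName": r"D:\Shares\Finance\Q3", "AccessMask": "0x1"},
    # Handle ID reused a day later with no matching 4663: must not be attributed.
    {"ts": "2015-11-18T16:30:00", "host": "FS01", "EventID": 4660, "HandleId": "0x1a4",
     "SubjectUserName": "svc_backup"},
]

def under(path, folder):
    """True if path is the folder itself or lies below it (case-insensitive)."""
    p, f = path.lower(), folder.lower()
    return p == f or p.startswith(f + "\\")

def find_deletions(events, folder, window=timedelta(seconds=5)):
    """Return (time, host, account, path) for each 4660 backed by a 4663 DELETE."""
    parse = datetime.fromisoformat
    requests = [e for e in events if e["EventID"] == 4663
                and int(e["AccessMask"], 16) & DELETE_MASK
                and under(e["ObjectName"], folder)]
    hits = []
    for d in (e for e in events if e["EventID"] == 4660):
        for r in requests:
            same_handle = (r["host"], r["HandleId"]) == (d["host"], d["HandleId"])
            gap = parse(d["ts"]) - parse(r["ts"])
            # Handle IDs are reused, so require the 4663 to shortly precede the 4660.
            if same_handle and timedelta(0) <= gap <= window:
                hits.append((d["ts"], d["host"], d["SubjectUserName"], r["ObjectName"]))
                break
    return hits

if __name__ == "__main__":
    for hit in find_deletions(EVENTS, r"D:\Shares\Finance"):
        print(*hit)
```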
Re: Trying to find account which deleted a folder
Posted: Tue Nov 24, 2015 12:55 pm
by dlukinski
Thank you
Please close the case
Re: Trying to find account which deleted a folder
Posted: Tue Nov 24, 2015 1:03 pm
by bwallace
Glad we were able to help. We'll lock this thread now and feel free to open another should you require assistance with anything else.