I've been poking around in LEM trying to figure out how to get this to occur; it should be as simple as searching for the Event IDs. We want to get an alert when the Security event log for Server 2003 / 2008 is cleared. What's the best way to create this rule? I'm not sure if this falls under MachineAudit, Security Alert, or...
↧