Enabling the System Event Audit Log
This topic includes the following information:
  - How to Enable Security Audit Policy
  - How to Enable Verbose Logging of Code Integrity Diagnostic Events
How to Enable Security Audit Policy
To enable security audit policy to capture load failures in the audit logs, follow these steps:
1. Open an elevated Command Prompt window. To open an elevated Command Prompt window, create a desktop shortcut to Cmd.exe, select and hold (or right-click) the Cmd.exe shortcut, and select Run as administrator.
2. In the elevated Command Prompt window, run the following command:

    Auditpol /set /Category:System /failure:enable

3. Restart the computer for the changes to take effect.
The following screen shot shows how to use Auditpol to enable security auditing.
How to Enable Verbose Logging of Code Integrity Diagnostic Events
To enable verbose logging, follow these steps:
1. Open an elevated Command Prompt window.
2. Run Eventvwr.exe on the command line.
3. Under the Event Viewer folder in the left pane of the Event Viewer, expand the following sequence of subfolders:
   - Applications and Services Logs
   - Microsoft
   - Windows
4. Expand the Code Integrity subfolder under the Windows folder to display its context menu.
5. Select View.
6. Select Show Analytic and Debug Logs. Event Viewer will then display a subtree that contains an Operational folder and a Verbose folder.
7. Select and hold (or right-click) Verbose and then select Properties from the pop-up context menu.
8. Select the General tab on the Properties dialog box, and then select the Enable Logging option near the middle of the property page. This will enable verbose logging.
9. Restart the computer for the changes to take effect.
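Both procedures above can also be applied and checked from one elevated PowerShell session. The script below is an added example, not part of the original topic. It assumes an English-language system (auditpol's CSV column is "Inclusion Setting" with values containing "Failure") and that the Verbose node in Event Viewer corresponds to the channel Microsoft-Windows-CodeIntegrity/Verbose, which is what wevtutil expects.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the two procedures, with read-back checks.
# Assumed channel names (not given on this page):
$ciVerbose     = 'Microsoft-Windows-CodeIntegrity/Verbose'
$ciOperational = 'Microsoft-Windows-CodeIntegrity/Operational'

# 1. Enable failure auditing for the System category (the command from this page).
auditpol /set /Category:System /failure:enable | Out-Null
if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed with exit code $LASTEXITCODE" }

# 2. Read the policy back. /r emits CSV; blank lines are dropped before parsing.
$policy = auditpol /get /category:System /r |
    Where-Object { $_ } |
    ConvertFrom-Csv
# Any subcategory whose setting lacks "Failure" did not take the change
# (for example, because a domain audit policy overrides the local one).
$notAudited = @($policy | Where-Object { $_.'Inclusion Setting' -notmatch 'Failure' })

# 3. Enable the Code Integrity verbose channel (same effect as "Enable Logging").
wevtutil sl $ciVerbose /e:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil sl failed with exit code $LASTEXITCODE" }

# 4. Read the channel state back. An exact log name returns analytic/debug logs too.
$verboseLog = Get-WinEvent -ListLog $ciVerbose

# 5. Summarize. A restart is still required for the changes to take effect.
[pscustomobject]@{
    SystemFailureAuditing   = ($notAudited.Count -eq 0)
    SubcategoriesNotAudited = ($notAudited.Subcategory -join '; ')
    VerboseChannelEnabled   = $verboseLog.IsEnabled
    RestartRequired         = $true
} | Format-List

# 6. After the restart, the most recent Code Integrity operational events
#    can be listed like this (no output if the log is empty).
Get-WinEvent -LogName $ciOperational -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If SystemFailureAuditing is reported as False, check whether a Group Policy audit setting is reapplying a different value for the listed subcategories.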