Advanced Server can record a range of event types, from a system-wide event, such as a user logging on, to an attempt by a particular user to read a specific file. Both successful and unsuccessful attempts to perform an action can be recorded.
You can use the Audit policy to select the types of security events to audit. When an audited event occurs, an entry is added to the computer’s security log. The security log can be viewed with Event Viewer.
Because the security log is limited in size, carefully select the events to be audited and consider the amount of disk space you are willing to devote to the security log. The maximum size of the security log is defined in Event Viewer. .
For more information on setting the Audit policy, see Chapter 2, "Managing Advanced Server Domains," and "Managing the Audit Policy" in User Manager for Domains Help.