A Microsoft Windows NT and Windows 2000 log that records auditing events. You can view and manage the security log by using the administrative tool Event Viewer. Entries in the security log are either success entries, which are identified by a key symbol, or failure entries, which are identified by a padlock symbol.
You can view additional details by opening the property sheet for the particular event. You can also select events by filtering the security log. You can export the security log as a .csv file and import it into a spreadsheet or database program for further analysis.
In a high-security environment, you can enable a registry parameter named CrashOnAuditFail, which causes the system to display a Stop screen when the security log is full. This prevents unaudited system access on your server. When you restart the system, you must archive the current contents of the security log before continuing. See the Microsoft Windows NT Server Resource Kit or the Microsoft Windows 2000 Server Resource Kit (both from Microsoft Press) for more information.