How to monitor the Print Service activity?
In order to do this, you may perform the following steps (Windows Server 2008/Vista and above):
- Enable the Print Service Operational log:
- Log on to the machine where your printer is installed and start Event Viewer.
- Navigate to the following node, right click it and select Properties:
Applications and Service Logs / Microsoft / Windows / PrintService / Operational
- Turn on the “Enable logging” check box, specify the “Maximum log size” parameter as 299968 Kb and select the “Overwrite as needed” option.
- Click Apply. Click Ok.
- To allow Netwrix Auditor – Generic Events to collect the PrintService operational log, please perform the following steps:
- Start Netwrix Auditor and navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager
- Make sure the “Enable network traffic compression” option is turned ON.
- Navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager / Audit Archiving Filters
- Create a new Inclusive filter with the following settings and enable it:
Description: PrintService Operational log
Event Log: Microsoft-Windows-PrintService/Operational
Write to: Both