How to monitor the Print Service activity

Event Log Management
6.5 and older
Copy Article URL Copied

How to monitor the Print Service activity?

In order to do this, you may perform the following steps (Windows Server 2008/Vista and above):

  1. Enable the Print Service Operational log:
  • Log on to the machine where your printer is installed and start Event Viewer.
  • Navigate to the following node, right click it and select Properties:
Applications and Service Logs / Microsoft / Windows / PrintService / Operational
  • Turn on the “Enable logging” check box, specify the “Maximum log size” parameter as 299968 Kb and select the “Overwrite as needed” option.
  • Click Apply. Click Ok.
ELM - Print Server Operational Log
  1. To allow Netwrix Auditor – Generic Events to collect the PrintService operational log, please perform the following steps:
  • Start Netwrix Auditor and navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager 
  • Make sure the “Enable network traffic compression” option is turned ON.
  • Navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager / Audit Archiving Filters
  • Create a new Inclusive filter with the following settings and enable it:
Name: PrintService
Description: PrintService Operational log
Event Log: Microsoft-Windows-PrintService/Operational
Write to: Both
ELM - Audit Archiving Filters
To review the Print Service events, you may run the All Events by User report with Log Name filter as Microsoft-Windows-PrintService/Operational:

ELM - All Events by Computer

Go Up