"

How to monitor the Print Service activity

Last review: Sep 09, 2013
https://kb.netwrix.com/809
Copy Article URL Copied

How to monitor the Print Service activity?


In order to do this, you may perform the following steps (Windows Server 2008/Vista and above):

  1. Enable the Print Service Operational log:
  • Log on to the machine where your printer is installed and start Event Viewer.
  • Navigate to the following node, right click it and select Properties:
Applications and Service Logs / Microsoft / Windows / PrintService / Operational
  • Turn on the “Enable logging” check box, specify the “Maximum log size” parameter as 299968 Kb and select the “Overwrite as needed” option.
  • Click Apply. Click Ok.
ELM - Print Server Operational Log
  1. To allow Netwrix Auditor – Generic Events to collect the PrintService operational log, please perform the following steps:
  • Start Netwrix Auditor and navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager 
  • Make sure the “Enable network traffic compression” option is turned ON.
  • Navigate to the following node:
Managed Objects / <Your Managed Object> / Event Log Manager / Audit Archiving Filters
  • Create a new Inclusive filter with the following settings and enable it:
Name: PrintService
Description: PrintService Operational log
Event Log: Microsoft-Windows-PrintService/Operational
Write to: Both
ELM - Audit Archiving Filters
To review the Print Service events, you may run the All Events by User report with Log Name filter as Microsoft-Windows-PrintService/Operational:

ELM - All Events by Computer

Go Up