Microsoft XP Professional has built in auditing and logging functions. Some events are logged by default. You can click on Start -> All Programs -> Administrative Tools -> Event Viewer to view the logs. By default there are 3 log files- Application, Security and System. The Application log tracks information and issues with software on the computer and the System log tracks information and issues for system or kernel level processes. The Security log however, is empty by default because none of the auditing is turned on by default.
In order to track things like failed attempts to access files or folders or when there were failed or successful logon attempts or when a new user account was created or an old one deleted you need to enable the various auditing features in the first place.
Logging events such as these can help you monitor your computer or network and prevent a successful attack and can also prove very useful in determining how and when an attack occurred if you use the logs as forensic evidence. But, they can't help if they're not turned on.
So, here are the steps to turn on Security Auditing in Windows XP Pro:
1. Click on Start
2. Click on All Programs
3. Click on Administrative Tools (*NOTE: Assumes Administrative Tools are visible. By default they are not. You have to right click on the Start Bar and select Properties. Then select the Start Menu tab and click on the Customize button. Select the Advanced tab and scroll to the bottom of the options for System Administrative Tools and select how you want them displayed)
4. Select Local Security Policy
5. Click on the + next to Local Policies to expand the tree
6. Select Audit Policy
7. For each option in the right panel you can double-click it to select whether you want to enable Success, or Failure. To disable logging of that type of event simply uncheck both the Success and Failure boxes
Keep in mind that logging everything can affect performance. Do some research to determine the right balance between logging and performance and figure out which events and activities you wish to log.