I am trying to scan my Windows Servers' Event Logs for SMB events. At first blush I thought my report not finding any might mean that I do not have any connections happening. No such luck. It seems that rather than the auditing creating events for the Windows Logs Application folder, there is another folder buried in the Applications and Service Logs.
Long story short, the events in the Applications and Service Logs are not showing up in my reporting. I assume this is because I am not scanning for them, but whatever the reason, I would like to sort it out so I can see which servers are logging these events.