AD Auditing with raw edition

Hi @CRT,

and welcome to the community! :v:

You can use the event console to forward your logs and filter them with event console rule packs or you just use logwatch. Another way is to build something on your own or use this localcheck from the community to get the desired result.

To do the finetuning for the logwatch you can write your own finetune config. Here is the example config:

Hope this helps.