Event log
About Event Log
Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems. You can also monitor Windows security events.
The Event Log service starts automatically when you start Windows . All users can view application and system logs. Only administrators can gain access to security logs.
Event Log Sections
Section |
Description |
A computer running any version of Windows NT/XP records events in three kinds of logs: |
Application log |
The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. Program developers decide which events to monitor. |
| Security log |
The security log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log. |
| System log |
The system log contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by Windows. |
| A computer running Windows configured as a domain controller records events in two additional logs: |
| Directory service log |
The directory service log contains events logged by the Windows directory service. For example, connection problems between the server and the global catalog are recorded in the directory service log. |
| File Replication service log |
The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur while domain controllers are being updated with information about sysvol changes are recorded in the file replication log. |
| A computer running Windows configured as a Domain Name System (DNS) server records events in an additional log: |
| DNS server log |
The DNS server log contains events logged by the Windows DNS service. Events associated with resolving DNS names to Internet Protocol (IP) addresses are recorded in this log. |
Event Types
Type |
Description |
Information |
An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged. |
Warning |
An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event will be logged. |
Error |
A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event will be logged. |
Success Audit |
An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event. |
Failure Audit |
An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event. |
|