Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

202 questions
0
votes
0 answers

How to find reason behind changed state of virtual machines?

I am working in Windows Virtual machines which were part of Hyper-V setup. It was in running state but now I see it state as "OFF", I have manually changed the state to "Running" but I want to know the root cause. Please help to find the logs. I…
kudlatiger
  • 361
  • 2
  • 5
  • 18
0
votes
1 answer

Event log forwarding: source initiated not working for desktops

I have successfully set up 2 subscriptions for collector initiated and they are fowarding events. Now I am attempting to add a 3rd subscription to get the logs for all my desktops, so due to the number of them, I'm using source initiated to use…
AB_MS3
  • 1
  • 2
  • 4
0
votes
0 answers

Is there an Windows Event Viewer Event for "No available connections" or No Ethernet Connection?

I am trying to create a GPO that disables a laptop's wireless card whenever a Ethernet LAN is detected, and Enable the wireless whenever an Ethernet LAN is not detected. Right now I have a GPO that works by disabling/enabling wireless when an…
Michael
  • 141
  • 4
0
votes
1 answer

Windows 7 Pro blue screen Event Viewer Event ID 10

I have a user who's Windows 7 Pro machine repeatedly blue screens and the Event Viewer has numerous entries like below that seem to occur about the time of the BSOD occurrences. I would appreciate any help in understanding if this entry might be…
MGump
  • 1
  • 1
0
votes
1 answer

Standard Setting for Audit Policy in Local Group Policy Editor

Please let me know what is the standard Setting for below Security Setting ( Audit Policy ), which are followed in most of the Company. For Eg:- Should i set ' Success & Failure ' for ' Audit account logon events ' & for ' Audit account management'…
Param
  • 1,357
  • 14
  • 36
  • 52
0
votes
1 answer

How to tell who made this change?

How do I tell who made the change in the following event log entry? What/who is Caller User Name? XXXXTE-MAIL (without the $) is the computer name of the domain controller. This entry is from the event log of this domain controller.
Old Geezer
  • 397
  • 8
  • 25
0
votes
0 answers

File Auditing in Cluster Shared Volumes

I'm trying to simply enable file auditing on a windows share (2012 R2)on top of cluster shared volume. But it doesn't behave as I expected it to behave. Here's the story: I enabled file auditing policy and confirmed that it was applied by RSOP.msc…
user2629636
  • 774
  • 5
  • 19
  • 40
0
votes
1 answer

ASP.NET APP on IIS 7.5 on windows server 2008 r2 - does not log unhandled exceptions

we have APS.NET application running on IIS 7.5 on Server 2008r2. When developers debug the code in VS2012 web server the unhandled exceptions are logged in EventViewer but when the app is deployed on production some exceptions did not arrive in EV.…
user151254
  • 3
  • 2
0
votes
1 answer

Task scheduler not logging failure to operational view in event viewer

The task scheduler below clearly errors but it never shows up under the task scheduler operational view as being failed but completed successfully. I want to send an email on a failed task scheduler to myself. I could do this on my old box not…
Mike Flynn
  • 244
  • 1
  • 4
  • 13
0
votes
2 answers

Windows Event Viewer AppLocker XPath filter

I'm running AppLocker and would like to filter out some noise from the events being logged in Event Viewer using XPath. Specifically, I want to hide any events which related to CMD.exe Here's an example entry I want to get rid of:
Alan Isherwood
  • 36
  • 7
0
votes
2 answers

Notification of low DHCP pool in split scope setup

In Windows Server 2008 R2, it is possible to read the Event Viewer for EventID 1020 which is an indication that the DHCP pool is running low on addresses. What if I have two DHCP servers in my domain that use an 80/20 split scope to take a /24 pool…
JJBladester
  • 13
  • 1
  • 5
0
votes
0 answers

Windows Server Audit Failure from Client

Every several minutes I get an audit failure from one of my clients running Windows 8 on ports 56280 to 56294 in the event log of my server which provides DHCP/DNS/DC for that client. Do you have any idea what those ports are or how I can find out…
Theveloper
  • 164
  • 2
  • 11
0
votes
1 answer

Reading logs from Event viewer 2008 server

I found the path as to where the logs are stored -> %SystemRoot%\system32\winevt\logs When double clicking one of the .evtx logs it opens it in the event log viewer. Is there a way to open it without using the event log viewer for example in a .doc…
Valentin
  • 1
0
votes
1 answer

7024 event on Windows service shutdown

I am seeing the following event in event viewer:
Vic
  • 95
  • 3
  • 13
0
votes
1 answer

Can eventvwr.msc's log files be exported to text or sql server in Windows?

Can the events from the "Event Viewer" (eventvwr.msc) in Windows (7/2003 Server/2008 Server R2) be exported to sql server or to text files? Every search I do on Google for this returns how to export sql server integration services into sql server…
leeand00
  • 4,869
  • 15
  • 69
  • 110
1 2 3
13 14