Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

202 questions
8
votes
2 answers

Application Event Log keeps getting corrupted

I recently asked about repairing a corrupt event log, because it seemed to be a one-off event. The event log has since exhibited the same behavior 3 times. We have been trying to find patterns, but so far we have found nothing. The server runs…
yakatz
  • 1,213
  • 4
  • 12
  • 35
8
votes
3 answers

how do i find application name using GUID from error in event viewer on Windows Server 2003?

A Windows Serve 2003 machine logged an error in Event Viewer with the COM+ Event System, saying it could not marshal the subscriber for a particular subscription and then gave the SID/GUID, which…
user717236
  • 265
  • 1
  • 4
  • 17
7
votes
3 answers

Windows event codes for startup/shutdown lock/unlock

I'm trying to build up a list of event Ids that can be used to determine when the machine has been shutdown, started up, locked and unlocked. So far, I've found 6 event IDs which seem to be best candidates but I was wondering if there was a better…
Dan Atkinson
  • 181
  • 2
  • 2
  • 9
7
votes
2 answers

Unexpected results from an XML query filter for security event log

Folks, I am trying to craft a custom XML / Xpath filter to the Windows Event Log viewer to exclude the countless "SYSTEM" Logons from the security log's view. I have managed to get this far with the help of the Technet blog on XML…
the-wabbit
  • 40,737
  • 13
  • 111
  • 174
6
votes
1 answer

How Can I Consolidate all Event Viewer Logs from different Servers

Currently I use Microsoft Management Console to check Event Viewer logs on 20 servers. Every time I click on one server, my custom view it takes 2 minutes to load. I need to find a faster way to check all these 20 servers since I do this daily. Is…
user312042
  • 83
  • 4
6
votes
6 answers

shortcut for Eventvwr > Connect to another computer

I was wondering if you can write the following action in a batch command? eventvwr (open the event viewer) Menu Action > Connect to another computer Type in the name of the computer. Connect. This would make my life just a few minutes/day more…
Peter
  • 161
  • 2
  • 10
5
votes
3 answers

Event Viewer Warning: "Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004F057"

I have Windows Server 2012 R2 Standard running on a Dell PowerEdge T320. The server is near one month in use as a domain controller. I've noticed this warning entry showing in the Application log since I first turned it on, even before I performed…
TheMessenger
  • 129
  • 1
  • 3
  • 12
5
votes
0 answers

Corrupt General Tab in Event Viewer

Whenever ASP.NET reports a dangerous query string value to the Application log and the request contains a certain combination of characters; the event viewer will not show the error information and only shows 1 or 2 special characters. Clicking…
W4keDotNet
  • 51
  • 2
5
votes
2 answers

Is it possible to grant Read-Only Access to all Event Logs on Domain Controllers

I would like to grant Read-Access to event logs on all my domain controllers, ideally at a domain level using GPO. I would like members of a group to be able to view the Application Log, the System Log, and several logs in "Application and Services…
Andy Schneider
  • 1,543
  • 5
  • 19
  • 28
5
votes
1 answer

How do I fix a custom Event Viewer Log that merges automatically with the Application log?

I am trying to create a custom event log for a Windows Service on Windows Server 2003. I would like to name the custom log "(ML) Startup Commands". However, when I add a registry key with that name to…
NightOwl888
  • 281
  • 3
  • 13
4
votes
2 answers

How does Windows Event forwarding work with non domain computers? (certificates)

In reasearching this question I've looked at the following documents and none of them describe the options or flexibility of the event collector service. Microsoft's Event Collector Service on Technet (too procedural, I'm just looking for how it…
makerofthings7
  • 8,911
  • 34
  • 121
  • 197
4
votes
2 answers

Opening an archived "Application Event Log" (Hidden Directory)

I'm an admin on the box. I've turned off all the folder options "Hide protected operating system files" and turned on "Show hidden files and folders". I can see this folder in Windows Explorer: C:\Windows\System32\winevt\Logs but I cannot see it…
NealWalters
  • 1,333
  • 8
  • 19
  • 39
4
votes
3 answers

Event Log > Filter Current Log > XML > where EventData contains text

I'm trying to search through the windows event log for anything where the event data contains the string TCP Provider, error: 0 as part of a longer error message. To do this I created the code below:
JohnLBevan
  • 1,214
  • 7
  • 22
  • 46
4
votes
3 answers

Remote Desktop Services login history

Is it possible to generate a report of past user logins to a Windows Server 2008 Remote Desktop Services server? The closest Event Viewer logs I can find are under Application and Services Logs --> Microsoft --> Windows -->…
Ash
  • 485
  • 9
  • 18
  • 28
4
votes
4 answers

Unknown and strange RDP successful logins in EventViewer

I have a Windows Server 2008 R2 with a valid IP, and recently I've found hundreds of unknown and strange RDP successful logins logged in EventViewer. Here are some details: They are not similar to normal logins, they happen like every second in a…
Yousef Salimpour
  • 171
  • 1
  • 1
  • 3
1
2
3
13 14