Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

202 questions
4
votes
2 answers

users unable to view security log in event viewer

I want to create a user account who is able to view the security log in event viewer, but not as a administrator, just as a power user. I had been getting this error when I click the security log: Unable to complete the operation on "Security". A…
nearownkira
4
votes
1 answer

An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425}

I'm getting the following error message in Azure Windows 10 Application Event log periodically: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was…
Maxim Masiutin
  • 273
  • 1
  • 5
  • 15
3
votes
1 answer

A ton of Logon/off events in Event Viewer

I am running a Win2012 server in VMware, I have installed IIS, NAP, VPN, DHCP, DNS, WDS, AD DS, AD CS. I have win7 clients in my domain, but they're not turned on. The problem is, I am getting a crasy amount of events with ID 4634, 4624 and 4672. I…
Bungicasse
  • 145
  • 1
  • 1
  • 10
3
votes
1 answer

Event Viewer Filtering does not work - invalid query

First of all, I'd like to rant about how stupidly hard searching for something event logs, but I bet MS is not listening to me so that's about it. My problem is this: I'm trying to find out all the events that have this value (0x84e9c0d) in the…
user2629636
  • 774
  • 5
  • 19
  • 40
3
votes
2 answers

Where in the event log is the IIS AppPool recycling events being recorded?

I turned on all the options for IIS AppPool recycling logging and recycled the app pool a few times and I am not seeing the events in the event log. I refreshed a few sections in the event log. Where are these being recorded? Windows 7.
Tony_Henrich
  • 954
  • 3
  • 12
  • 23
3
votes
1 answer

How could I see by the event viewer log that the format of date was changed?

I need to see by the eventviewer log that the format of date was changed. I know that have the eventlog of ID 4616, but it's for DATE changing, and not lot when I just change the FORMAT of the date. The environment is a Windows 2008 server.
Only a Curious Mind
  • 163
  • 2
  • 6
3
votes
1 answer

Change an Applications and Services Logs log path using GPO

I am wanting to change the AppLocker Log path by a GPO. The specific log is found at Event Viewer \ Applications and Services Logs \ Microsoft \ Windows \ AppLocker \ EXE and DLL. I know you can change Application, Security, Setup, and System by…
Matthew Halliday
  • 154
  • 2
  • 3
  • 14
3
votes
2 answers

how to separate IIS event logs by application in event viewer

Just to start with, I would like to advise I am VERY new to IIS so apologies for any obvious questions in advance. I have done some research around this topic and my findings have been inconclusive. Here is my scenario; I am currently running IIS 6…
JPM
  • 141
  • 1
  • 7
3
votes
1 answer

Windows 2012 R2 Server Manager Fails to Load

I am unable to open Server Manager on our Windows 2012-R2 system. The error states: Server Manager cannot run because of an error in a user settings file. Click OK to restore default settings....... Clicking OK does not fix the issue. I've run…
user2565554
  • 353
  • 2
  • 10
  • 18
3
votes
1 answer

Script to export custom view Event Viewer to .evtx Powershell

This is my PowerShell script to export data from a Custom View in the Event Viewer via the XML data. set-executionpolicy unrestricted [xml]$CustomView = @"
user3603657
  • 73
  • 2
  • 7
3
votes
2 answers

GPO set to trigger in response to an event?

I want to trigger an action/task when an event is raised in any computer of the domain. It this possible via GPO, do or I need to deploy script to all machines on the domain?
POLLOX
  • 208
  • 3
  • 9
3
votes
1 answer

I need an XPath query to view all events in the Windows event log (custom view)

In Windows powershell you can type get-winevents without any parameters and it will dump all events. I would like access to all events in the event viewer using a custom view. I can of course just check off everything but this results in an xml…
test
  • 317
  • 1
  • 3
  • 7
3
votes
2 answers

Security Audit Failures in Event Viewer Windows Server 2008R2

When I am looking at the security tab of my event viewer on a Windows Server 2008 R2, I am showing a ton of Audit Failures with Event ID 4776. The computer attempted to validate the credentials for an account. Authentication Package:…
Jacob
  • 443
  • 1
  • 9
  • 23
3
votes
1 answer

Send mail on event log error trigger safe check frequency

I want to use powershell to alert me when an error occurs in the event viewer on my new Win2k12 Standard Server, I was thinking I could have the script execute every 10mins but don't want to put any strain on the server just for event log checking,…
Zeb Rawnsley
  • 145
  • 1
  • 2
  • 8
3
votes
2 answers

What log messages do I need to look for that indicate the start of a log-off in Windows Event Viewer?

Is there an Info message in Windows Event viewer that indicates the start of a log off? I'm trying to spot errors and warnings as a user logs off.
leeand00
  • 4,869
  • 15
  • 69
  • 110
1 2
3
13 14