Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

Application
Security
System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

Group Policy settings for Event Logs

On a Windows Server 2008 R2 Standard Edition Domain Controller, with Windows 7 and Windows XP clients, is it "OK" to keep the setting below for Event Log files? And which setting will apply? Between Maximum log size of 1 GB or Retain Log to 30…

asked Aug 24 '12 at 12:20

Param

1,357
14
36
52

votes

2 answers

Can not see entries in Application Log in Event Viewer

Last week our Application Log appeared to be corrupt. Event Viewer said the log was 20MB, and had 18,446,744,073,709,550,735 (0.000000000008674 bits each) records (which can not possibly be true), and mmc would crash whenever we tried to view the…

windows-server-2008-r2 eventviewer windows-event-log

asked Jan 09 '12 at 20:51

yakatz

1,213
4
12
35

votes

2 answers

How can one learn to read the Windows Server event viewer and know what events are normal and which are signs of potential problems?

I have been managing Windows Server 2003 machines at work, but I am a software developer. (Please don't say 'hire a sysadmin', the point of this question is my own learning). How do server admins learn what to look for in event viewer? Sometimes…

windows windows-event-log eventviewer

asked May 03 '11 at 12:39

MetaGuru

votes

2 answers

Why are logon types on Domain Controller and Workstation different

When I logon to a specific machine in an Active Directory domain, the logon type recorded in Event Viewer is 10, but the same event log on the domain controller is 3. Why are the all of logon on the domain controller are logon type 3 while the logon…

windows active-directory domain-controller windows-event-log eventviewer

asked Jun 20 '22 at 05:26

Amin Mirzanejad

votes

0 answers

Windows not collecting logs. Error: The WinRM service is not listening for WS-Management requests

I am getting this error The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate…

active-directory windows-server-2016 windows-event-log eventviewer winrm

asked Dec 10 '19 at 09:47

Rajat jain

votes

1 answer

IP Address Change event id for Windows 10?

Is there an event id / log / log source for when an ip, gateway, netmask changes in Windows 10?

windows-10 windows-event-log eventviewer

asked Oct 09 '19 at 14:50

leeand00

4,869
15
69
110

votes

2 answers

Is it possible to view events from all event logs (including "Applications and Services Logs") simultaneously?

One of my clients' friends suffered a hack-attack this morning due to an insecure Remote Desktop configuration and I was asked to take a look. (All of their business files were encrypted by the 2018-Q1 strain of the Dharma ransomware). Fortunately…

powershell windows-event-log eventviewer

asked Mar 11 '18 at 06:47

Dai

2,290
8
27
43

votes

1 answer

Event log subscription returns error code (0x138C)

I have been battling getting event log subscriptions to work on my Server 2012 R2 domain controllers. I have created the collector-initiated-subscription using the GUI and selecting the defaults whenever possible. I selected my desired events and…

windows-server-2012-r2 domain-controller windows-event-log eventviewer winrm

asked Mar 10 '16 at 22:13

PenNerd

votes

1 answer

Domain member server causing continuous login failure for Administrator account

One of our domain member servers keeps producing continuous login failures (caught in Event viewer via Audit Policy) almost every minute. Here's a typical failure log (names & IPs obfuscated): Event Type: Failure Audit Event Source: Security Event…

windows-server-2008 domain login audit eventviewer

asked Nov 10 '14 at 13:52

miCRoSCoPiCeaRthLinG

votes

3 answers

Logon attempts - Tons of failure audits in Event Viewer on Domain Controller (Server 2003)

This is what the event looks like, under Security logs. There are tons of them. Is someone trying to brute force the network? This server is also used as a terminal services server.. Thanks any advice / help would be greatly…

asked Sep 15 '14 at 20:32

Samuel Pardee

votes

1 answer

Windows event log exclude user

We're running Windows 2012 with AD LDS (aka ADAM). We're troubleshooting an application, and the ADAM sync command that runs hourly is filling up our event log. The event viewer filters show how to exclude criteria for event IDs, but not how to…

windows windows-server-2012 eventviewer

asked May 14 '14 at 20:10

bgStack15

1,111
1
12
23

votes

1 answer

Save Custom View from Event Viewer in .evtx

I have a Custom View in the Event Viewer with a couple of Event id's. I know you can save those event id's in an .evtx file to open it. This proces has to be executed manually. Now is my question, how can I automate this? Through a PowerShell script…

windows-server-2008 powershell task-scheduler eventviewer

asked May 07 '14 at 11:41

user3603657

votes

1 answer

Backup/export custom view automatically from Event Viewer

How can I simply export or back-up a custom view from the event viewer? I do not want to export the regular Event logs, such as: System, Application, Security etc. But I want to export automatically my own whole custom view log with event id's.

windows-server-2008 eventviewer

asked May 05 '14 at 10:28

user3603657

votes

1 answer

Offline Windows Event ID Solution?

In my work i have many buildings with no internet , is there a program or an offline database for errors with event ID for Microsoft , so that will save my time for calling my assistants to search for the reason of a unique event Id . I wish my…

windows windows-event-log eventviewer

asked Apr 30 '14 at 21:17

nux

votes

0 answers

Powershell 3.0 Enter-PSSession fails randomly, reboot solves it. DCOM error in Event Viewer on target machine

Using PowerShell's Enter-PSSession (even locally, against the local computer) fails randomly with the following message. Running Windows 2012 Standard with all updates. The error message takes a while to show up. Command: Enter-PSSession…

windows-server-2012 eventviewer dcom powershell-v3.0

asked Apr 17 '13 at 22:36

Ricardo Pardini

Prev 1 2 3

…

13 14 Next