Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

Application
Security
System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

Auditing Log is Full - Eventlog Archive GPO not working

I am trying to create an Archive for Eventlog but it does not seem to work. Server 2k12 R2 Environment. Following is the GPO I have enabled: I have rebooted the server and made sure it is being applied using "gpresult /r /scope computer". I also…

group-policy windows-event-log eventviewer

asked Jun 21 '16 at 09:20

JustAGuy

vote

1 answer

Redirect to new log file selected event id - Manage the security event id 4624 and 4634 flooding

the security logs of the two domain controllers of my network are flooded by security events id 4624 and 4634 and to a lesser extent, 4672. Reading from the internet such a behavior is quite common, and not necessarily means an underlying issue /…

windows-server-2008 windows-event-log audit eventviewer

asked May 25 '16 at 20:18

Diego A

vote

1 answer

Events not visible in Event Log viewer

Last weekend a server crashed, during the investigation I noticed that in the immediate run up to the failure we saw a large number of a specific event in the application log. In an attempt to understand what was occurring I attached a task to that…

windows windows-server-2008-r2 windows-event-log eventviewer

asked Apr 04 '16 at 09:50

Patrick

1,280
1
15
36

vote

2 answers

2012 R2 print server not showing file names on Event id 307

I'm having trouble logging detailed information on my print server. Operational logging is enabled and working. The event ID 307 displays information about the jobs printed, but instead of the file name it shows: "Print document". I refeered to the…

windows-server-2012-r2 printing windows-event-log print-server eventviewer

asked Mar 22 '16 at 18:46

Black Lion

vote

1 answer

How does one add multiple computer names to a custom view in event viewer?

I'm trying to create a "Custom View" thru eventviewer on Windows 2k8R2-SP1 to see multiple logs from multiple nodes in a cluster in one view. But it doesn't seem to accept the remote computers' names by ip or by fqdn. Is there a specific way to add…

windows windows-server-2008-r2 windows-event-log eventviewer

asked Mar 08 '16 at 04:31

Ayan Mullick

vote

0 answers

Forwarded events not showing file path on event collector

I've set up one of the servers in our domain to be an event collector for AppLocker events from the client computers. I've then (via a GPO) configured two clients to forward their events to the event collector. This works just fine, I'm receiving…

windows-server-2012-r2 eventviewer applocker

asked Feb 03 '16 at 11:04

krsi

vote

1 answer

Visualization of Windows Event Logs

Are there specific tools (like rrdtool) or powershell commands to generate graphs of windows event logs? For the first I want to visualize the Windows Server 2008 R2 event log "PrintService". There is written on which time which user is printing on…

windows-server-2008-r2 eventviewer

asked Jan 06 '16 at 08:22

RogerSik

vote

1 answer

How to filter Windows 2003 security log from file?

I have a Windows 2003 Security log file in evt format. I need to filter the log by EventID 540 and produce a list of unique Users from it. I am working on a Windows 7 machine to do this. Any ideas on the best way? EDIT This script did it for…

windows-event-log eventviewer

asked Nov 13 '15 at 13:29

Mark Allison

2,188
7
26
45

vote

0 answers

Windows Server 2008 R2 - Failed login auditing

I am having issue with configuring Auditing on the server in order to catch failed and successful network logins. This morning we found one of our test machines with a strange login on the locked screen. Definitely not a user that exists on our…

windows-server-2008-r2 login audit eventviewer

asked Oct 21 '15 at 15:02

Robert Kołodziej

vote

2 answers

WinXP Event Viewer: Internet Explorer - how to log events?

I'm trying to debug a strange rendering/interaction issue with a web application in IE and thought I'd peek at the event viewer in Windows (XP) to see if anything odd was happening at the same time. I see categories for System, Security, Application…

internet-explorer windows-event-log eventviewer

asked Oct 07 '09 at 15:57

scunliffe

vote

3 answers

How to export event viewer errors to Excel in Windows Server 2012

How would I export errors of event viewer from Application and Security section to excel, it has any way to export in event viewer or I must use windows powershell?

windows-server-2012-r2 eventviewer

asked Sep 02 '15 at 17:47

adilahmed

vote

0 answers

Event Log trigger configuration for scheduled tasks not working despite working with the eventviewer

I'm trying to start a task that gets triggered by specific events. The XML configuration for the filter I'm using is the following: