"Event log" usually refers to the system/server logs on Microsoft Windows machines.
"Event log" usually refers to the system/server logs on Microsoft Windows machines.
Questions tagged [windows-event-log]
617 questions
2
votes
1 answer
Issue with Powershell script not filtering by date
I've put together this powershell function to basically pull events from the NPS log (Specifically denied authentication attempts) from the last point the script was run (the $date variable), sort out the IP and date the log entry was written on and…
mitchell2423
- 25
- 5
2
votes
1 answer
IP Address Change event id for Windows 10?
Is there an event id / log / log source for when an ip, gateway, netmask changes in Windows 10?
leeand00
- 4,869
- 15
- 69
- 110
2
votes
1 answer
Get rid of explanation in windows message log
I am wondering if it is possible to get rid (or simply not store in the first place) the "explanation" inside the events with a specific id, as e.g., event of class 4624 (win2008).
Although the question is generic, I include my particular use case…
Briomkez
- 123
- 3
2
votes
2 answers
Windows Server 2016 and Windows 10: Cannot set up Windows Event Forwarding via HTTPS
Alright so I've been trying to set up Windows Event Forwarding via HTTPS for a while now and in the process, I've hit my share of errors that I managed to address one by one, but now I've been stuck on one that I can't seem to fix.
Also, I want to…
Aura
- 471
- 1
- 5
- 12
2
votes
2 answers
Permissions changes on Windows event log are not working (GPO change)
I'm trying to grant permissions to the Network Service account (SID S-1-5-20) on the event log "Microsoft-Windows-CAPI2/Operational" (see picture below). However I need to push this change on more than 1000 servers, and more are coming. So my…
Michel de Crevoisier
- 571
- 4
- 9
2
votes
1 answer
Session "NT Kernel Logger" failed to start
I have encountered an error on windows server 2012 recently.
Session "NT Kernel Logger" failed to start with the following error: 0xc0000022
More Details:
LogName: Microsoft-Windows-Kernel-EventTracing/Admin
Event ID: 2
Level: error
OpCode: start …
Arani
- 326
- 3
- 20
2
votes
1 answer
filtering event logs with specific TIME range of ANY day
How can I query windows server events between two times of any day?
I have tried with PowerShell...
Get-EventLog -Logname xxxx -After 04:00:00 -Before 04:00:30
...but just returns today's events
jreinap
- 23
- 1
- 4
2
votes
1 answer
system center operation management ( SCOM ) log collection and full text searching
I want to collect all events in all windows servers (nearly 50 server) (from windows event viewer) in SCOM, and full text search on it.
My question is: how can I do it?
sorosh_sabz
- 187
- 12
2
votes
1 answer
Filter Windows Event Security logs by a range of Source IP Address
So i know you could filter by a Source IP Address. But what if you want to filter by a range of Source IP address. i tried
Troubled
- 21
- 2
2
votes
1 answer
Windows Backup / wbadmin errors | Source: SPP | Event id: 16389 | Increase SPP CreateTimeout?
After a reboot we encounter while the first backup (wbadmin) on a Windows Server 2016 these errors in the eventlog:
Source: SPP
Event ID 16389
Details: The writer's timeout expired between the Freeze and Thaw events (0x800423f2)
Weak hardware…
marsh-wiggle
- 2,145
- 5
- 29
- 45
2
votes
1 answer
Windows 2016 Server Event Date Time is in Future
Current machine date time is Sept 25th 2018 06:05PM but there are numerous error/warning logs with FUTURE time, Like 6:23PM. I checked at 6:05PM but not sure when those errors actually happened. How can an event happen in future?
Mehdi Anis
- 179
- 2
- 7
2
votes
3 answers
Turn Windows Event Logs EVT files into Syslog to send to LogLogic
I have a a requirement to analyze 13gb of Windows logs by feeding it into a LogLogic Log aggregator. LogLogic is essentially Linux Syslog server, it can take a Syslog (Tcp/udp 514) feed or log on to a windows share and pull a flat file log. The…
TrevJen
- 264
- 1
- 7
- 23
2
votes
3 answers
Remove PCs from Source-Initiated Windows Event Forwarding?
I've Googled this and haven't found any answers.
(yep, I also posted on TechNet about this)
I have a few workstations that have been decommissioned and are showing as "Inactive". I'd like to remove them from the subscription to minimize the…
beansbeans
- 71
- 1
- 8
2
votes
2 answers
Is it possible to view events from all event logs (including "Applications and Services Logs") simultaneously?
One of my clients' friends suffered a hack-attack this morning due to an insecure Remote Desktop configuration and I was asked to take a look. (All of their business files were encrypted by the 2018-Q1 strain of the Dharma ransomware).
Fortunately…
Dai
- 2,290
- 8
- 27
- 43
2
votes
1 answer
Sources (protocols) for Audit Failures (Event ID 4625) in Windows Event Log
I have public-facing Windows Server 2016 virtual machine. Remote desktop port was changed from default to some number over 20,000.
There is nothing of interest hosted on this VM. I just use it as a test bed for software development.
However, I still…
Joe Schmoe
- 315
- 7
- 15