Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
10
votes
3 answers

Windows Event Log Rotation?

Windows Server 2003. Is there any way to easily rotate event logs (or automatically clear and save)? I'm doing a bit of auditing on this machine and my security log gets real big real quick and every couple of weeks I have to remember to save and…
Boden
  • 4,968
  • 12
  • 49
  • 70
9
votes
3 answers

Where can I see what calls of EXE-programs have been made (including the arguments)?

Is there any log-file within Windows where all EXE-calls are tracked or is it possible to enable such a log? Would this contain the arguments / parameters of these calls? Thanks
9
votes
1 answer

Lots of FAILURE AUDIT: an account failed to log on entries in Security Log

I have received lots of failure audits on my server. From the log, I have identified the particular machine that is the culprit. How can I identify which process is sending the login request? Do you have any idea how to find out? Below is the detail…
Param
  • 1,357
  • 14
  • 36
  • 52
8
votes
1 answer

Simple solution to get notification when certain events appear in Windows logs

What is the most simple way to get a notification when specific events appear on Windows logs - anywhere on a windows network.
Steffen Maier
  • 537
  • 4
  • 7
8
votes
1 answer

Windows Events for Remote Desktop logon failure

According to ref the logon types 10 and 3 in Windows events are representing Logon Type 10 = RemoteInteractive Logon & Logon Type 3 = Network Logon But when I tried to connect a Windows machine via "Remote Desktop Connection" with a wrong username…
8
votes
2 answers

What is a valid destination log for Windows event forwarding

I'm running into an issue when trying to use a custom log journal for storing forwarded events (via subscription) on a Windows 2008 R2 server, the custom log being described as not being a "valid destination log". I'm currently setting up an…
8
votes
6 answers

Windows Event Log - email notification

Is there an easy way to send an email when a particular severity of event from a particular service hits the Windows server event log? This is on Windows Server 2003, if it makes a difference. n.b. we do have proper monitoring and alerting in place…
Matt Howells
  • 181
  • 1
  • 1
  • 4
8
votes
1 answer

New event log nowhere to be found after creating in PowerShell

Through PowerShell, I am attempting to create a new event log and write a test entry to it, but it is not showing up in the Event Viewer. This is the command I'm using to create a new event log: new-eventlog -logname TestLog -source TestLog And to…
Matt
  • 291
  • 2
  • 9
8
votes
2 answers

Is there any way to undo after clearing a log on Windows 2008 server?

I accidentally cleared an event log. Is there any way I can get it back?
Duk
  • 83
  • 1
  • 1
  • 4
7
votes
3 answers

Windows event codes for startup/shutdown lock/unlock

I'm trying to build up a list of event Ids that can be used to determine when the machine has been shutdown, started up, locked and unlocked. So far, I've found 6 event IDs which seem to be best candidates but I was wondering if there was a better…
Dan Atkinson
  • 181
  • 2
  • 2
  • 9
7
votes
1 answer

How to allow a domain user to write the Windows Event Log (2008 R2 or newer) without Local Admin privileges?

We are very concerned about security so we don't grant local admin privileges if not fully required or troubleshooted first. I have an application provider who needs to write the Windows Event Log. The credentials to run their services are from a…
7
votes
1 answer

Does Windows log a "Member removed" event for security groups when an AD user account is deleted?

We have AD DS security auditing enabled on a Windows Server 2008r2 functional level domain. We use a third party tool to alert us to changes to our administrative group memberships. We recently deleted several service accounts that were members of…
Thomas
  • 890
  • 4
  • 18
  • 37
7
votes
1 answer

How do I get as much debugging info as possible out of the Network Policy Server (ias) service?

We are trying to authenticate a client on remote vpn, through a Meraki Z1 teleworker appliance. The Z1 is sending a proper request, the Network Policy Server (ias) service is apparently authenticating the user because our NPS log shows that there…
Peter Grace
  • 3,456
  • 1
  • 27
  • 43
7
votes
2 answers

Unexpected results from an XML query filter for security event log

Folks, I am trying to craft a custom XML / Xpath filter to the Windows Event Log viewer to exclude the countless "SYSTEM" Logons from the security log's view. I have managed to get this far with the help of the Technet blog on XML…
the-wabbit
  • 40,737
  • 13
  • 111
  • 174
7
votes
2 answers

Windows Application Experience Service

On a Windows 2008 R2 Enterprise server, the event log is reporting event id 7036 "The Application Experience service entered the stopped state" and then later that it has started. This occurs approximately once an hour every day. Based on all the…
floyd
  • 1,530
  • 4
  • 19
  • 30