Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
0
votes
0 answers

Event:4005 The Windows log-on process has unexpectedly terminated

We have 3 RDS 2012 R2 hosts setup in our network, they are all stand alone session hosts. In the last month or so the WinLogin process has been crashing and causing people to not be able to log in. More often than not, it happens on a Friday…
TheRealTy
  • 234
  • 4
  • 15
0
votes
1 answer

Requested registry access is not allowed - server logs

I am trying to run a script to gather the application, system and security log errors. I can run it remotely but I have to go over the WAN to do that. I want to run it locally on the domain controller. When I run it locally, I get "Requested…
Margaret Auld-Louie
  • 1
  • 2
0
votes
2 answers

Windows dns analytic logging to remote destination

Full disclosure, I am not a Windows admin and neither a Windows expert. As of Windows 2012 r2, it is supported to record DNS Analytic logs in Windows DNS server. My task is to get those logs to a remote server (preferbly using NXLog), but it…
xeet
  • 300
  • 2
  • 7
0
votes
1 answer

wevtutil Failed to export remote log

I use: wevtutil epl Application c:\logs\application.evtx And export Envenlog. But when export a remote machine using: wevtutil epl Application c:\logs\application.evtx /r:remote-machine Don't work. I get and error. Failed to export log Application.…
Victor Sanchez
  • 45
  • 2
  • 9
0
votes
1 answer

ossec 2.8.3 : getting autentication alerts from Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

on ossec 2.8.3 I am trying to get alerts only for rdp autentications from windows agents. These events are shown in the clients event log Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational for example with eventID 1149 I have in…
golemwashere
  • 734
  • 1
  • 10
  • 22
0
votes
1 answer

Setting ASP.NET account permissions to be able to write/create new sources in the Event Log

How do I go about allowing the ASP.NET account to write to the windows event log? I am trying to create a new 'source' in the event log and its not playing :( I think I can create the log by hand in the registry but this seems cumbersome. I'd…
Matt
  • 111
  • 4
0
votes
1 answer

Troubleshooting a Powershell script that sends email

This script is sending an email when a particular event is triggered. I am running this script when a file screen i have configured on FSRM detects a user saving specific file types. The command tab is where I am running powershell.exe and for the…
veel84
  • 288
  • 1
  • 6
  • 14
0
votes
1 answer

IIS6 + Umbraco: Service Unavailable

On our test box we're intermittently getting a blank page with "Service Unavailable" when trying to access one particular site that is built in Umbraco. Other sites are fine. We seem to get a few errors in the event log like the one below before the…
Rob Stevenson-Leggett
  • 613
  • 2
  • 7
  • 20
0
votes
2 answers

Need a backup of entire event log of windows servers using cmd or powershell

I am tasked to take a backup of all the eventlogs across all the servers and retain them for 30 days. I written a simple powershell to do this. Get-winevent -Listlog * | select Logname, Logfilepath | ForEach-Object -Process { $name =…
Teja
  • 45
  • 1
  • 5
0
votes
1 answer

Audit Logon Events not turned on but still generates 4624 events

Why would a Windows Server still generates 4624 events (An account was successfully logged on) in the Security log even though the Audit Policy's Audit logon events value is set to No auditing.
Fahmy Aziz
  • 105
  • 4
0
votes
2 answers

Track folder for create/delete/move events and send a daily report

I'd like to track events such as create/delete/move for files and folders on a certain file server. This should work based on certain folders only (track folder x and nothing else). This is a Windows Server environment. Here is what I did so…
duenni
  • 2,959
  • 1
  • 23
  • 38
0
votes
2 answers

Windows Event Log export to MySQL DB

I have windows 2008 R2 server. Is there any way all events can be logged in my linux base mysql database ? or is there any way i can log specific event in mysql tables?
Syed Jahanzaib
  • 169
  • 2
  • 11
0
votes
1 answer

Forward `Application and Service Logs` as SNMP traps

Windows 2012 R2. How to add EventLogs from Application and Service Logs\Microsoft\Windows to be able send them as SNMP traps using evntcmd utility. I try find them using evntwin utility ant can not find them. In particular I want add…
moteus
  • 111
  • 3
0
votes
0 answers

Write-Eventlog to create events

I try to create events with similar codes like this: Write-EventLog -LogName 'Windows PowerShell' -Source PowerShell -EventId 12345 -EntryType Information -Message 'Script started' Creation process is seemly successful, but I cannot found the event…
appkovacs
  • 1
  • 1
0
votes
0 answers

How to check who or what removed my RDP session?

As in the subject. I think it would be a good to know as much as possible things to check who or what removed my RDP session. For instance, we have a developer console server, where we do some development and many times we leave the sessions…
essential
  • 109
  • 4
1 2 3
41 42