Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
0
votes
3 answers

Getting Some Specific Types of Log

I'm want to get some logs from my server, but not general logs like syslog that gives me a lot of random logs. I want to know how I can get logs of things like logins(with time, IP and username), commands that the user ran, process running at the…
Nathan Campos
  • 241
  • 2
  • 11
0
votes
1 answer

how to centerlized Client Machine Event Log Auditing to one server?

We have Windows Server 2003 Enterprise DC for 2000 Windows XP SP3 Client Machine. We just want to centralized audit account logon/logoff event, security event log in windows client on one server. we are looking for best solution for this purpose,…
user19049
  • 487
  • 2
  • 14
  • 25
0
votes
2 answers

Exporting logon/logoff events from Windows event log

Environment: Windows Server 2008 R2 with Samba 3.5 domain & OpenLDAP backend. Background: on our previous Terminal Server (Windows Server 2003) we used logon/logoff scripts to log user logins and logouts respectively to plain text files on a network…
Andrew
  • 8,002
  • 3
  • 36
  • 44
0
votes
4 answers

Hide certain Error IDs in MS SQL logs

SQL 2005 Management Studio I have a replication job that is flooding the log with errors. We took the replication destination offline on purpose and we are aware of the issue. We dont want to delete the replication job yet though because (I'm told)…
Garrett
  • 1,638
  • 4
  • 15
  • 25
0
votes
1 answer

How to write proper XPath query for filtering certain application pool errors in Windows 2008 R2 Event log ("Applications" section)

does someone know how to write proper XPath query for filtering certain application pool errors in Windows 2008 R2 Event log ("Applications" section)? EventData in XML view from Application eventlog does not containt data descriptions: Event from…
GrZeCh
  • 605
  • 4
  • 12
  • 28
0
votes
1 answer

How do I find the source of a repeating fault in the System Log in Windows 7?

Every second I get the following fault in the system log in Windows 7. How do I find the source of this error and eliminate it? - -
Contango
  • 1,150
  • 5
  • 15
  • 31
0
votes
1 answer

Server 2003 - Event Viewer 540 Anonymous Logon from strange IPs

The Event Viewer for my Windows Server 2003 machine is flooded with these 540 login attempts from IP addresses in foreign countries. It looks like somebody is trying to access my machine - what sort of logon attempt could this be? Is there anything…
user66827
  • 215
  • 2
  • 3
  • 9
0
votes
1 answer

Strange logon activity for Administrator in Event Logs

On one of our public facing servers the Administrator account logged in at 6:45am GMT. It wasn't a member of staff. Details from the event logs 1st event Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: …
best
  • 301
  • 2
  • 4
  • 11
0
votes
1 answer

What are the diffences between evntwin and evntcmd?

I want to send my eventlog via SNMP trap in order to monitor it, but something is not clear in my mind. I saw i need to configure traps destination in SNMP service in services.msc and then I also need to add some eventlogs to send via SNMP in the…
Fbo
  • 933
  • 5
  • 7
0
votes
2 answers

HP ProLiant DL380 G7 iLO error

I have a HP ProLiant DL380 G7 server which sent me an email that's got me worried. The system has detected the following event: SNMP Trap: 9006 Date time: 03/19/2011 11:47:46 PM Computer: DC1.domain.local Source: Server…
Alex
  • 3
  • 1
  • 1
  • 2
0
votes
3 answers

Exchange 2010, Event 3145 MSEXCHANGEREPL error

Server 2008 R2 Exchange 2010 SP1 receiving another error in the event log: Event 3154, msexchangeRepl > Active Manager failed to mount database Mailbox Database 1037838543 on server WIN2K8EX.JEWELS.LOCAL. Error: An Active Manager operation failed…
Jeff
  • 1,089
  • 5
  • 26
  • 46
0
votes
3 answers

Server 2008 R2, Exchange 2010, WMI error event 10

The system is windows 2008 R2, with Exchange 2010 SP1 installed. I am receiving the following event log application error: event 10, WMI Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA …
Jeff
  • 1,089
  • 5
  • 26
  • 46
0
votes
1 answer

Why does the Windows Event Viewer sometimes show a human-readable user name, and sometimes an SID?

On some of our systems, Event Viewer shows a human-readable user name for the Event Log entries. On other systems, Event Viewer shows an SID (in the form S-1-5-...). Luckily, the SysInternals utility PSGETSID can be used to translate one to the…
Patrick
  • 217
  • 3
  • 8
0
votes
3 answers

How can I find who or what deleted files in the system32 directory?

We have a Windows 2003 development server (IIS and SQL Server) with remote desktop access and some employees have admin rights. A couple weeks ago, a lot of important files (dlls, exes, msc and other stuff) disappeared from the system32 directory.…
Jason
  • 135
  • 6
0
votes
2 answers

Windows 2008 server unaccessible without traces in the event log

I am trying to figure out why a Windows 2008 server became inaccessible in terms of RDP and access to a web application. The server was turned off and then on. Look at the event log at the time it went offline, I can't find anything. And looking at…
Rob
  • 1
1 2 3
41 42