Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
5
votes
4 answers

"Account locked out" security event at midnight

The last three midnights I've gotten an Event ID 539 in the log...about my own account: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT…
Kev
5
votes
1 answer

Distributed Server Monitoring Solution

I belong to an independent IT firm that manages and maintains about 50 business clients' networks, ranging from small 5-system networks to 200+ systems. Because we are unable to directly monitor each server at these locations (distributed over a very…
MaterialEdge
5
votes
5 answers

Forwarding Windows log event using TCP

I'm looking for a way to safely centralize all my Windows and Linux logs on one location. Since I'm in a mixed environment, with both Linux and Windows, I started using Syslog-ng on the Linux boxes and Snare on the Windows ones, all pointing to a…
Nicolas Charles
4
votes
2 answers

Is there a Windows Event character count limitation?

I'm working on output analysis of the Windows Event ID 5136 ("A directory service object was modified") and more specifically events with "LDAP Display Name = nTSecurityDescriptor" (see following event 5136 capture). In the "value" field, I have a…
4
votes
2 answers

EVENTCREATE fails with "ERROR: Access is denied" -- how to fix

I have also asked this question in a Microsoft Forum, but no answers there yet. I am in the process of building out a Windows 2012 server to replace a legacy Windows 2008 server. I am testing a legacy batch script that logs informational or system…
4
votes
0 answers

Windows - Log services access to certificate store

I have software which runs as a service (Checkpoint Identity Awareness) which connects to a server and verifies its identity (actually a Checkpoint firewall) by checking its certificate, like any browser does. The problem is that this software keeps…
thibon
4
votes
1 answer

Event ID 1158: "Remote Desktop Services accepted a connection from IP address xxx.xxx.xxx.xxx"

I have set up a home office with a local domain with just one Windows Server 2012 R2 and I have allowed port 3389 from the router to my server. While knowing this is dangerous, I set it up that way in order to perform several audit tests I have been…
4
votes
2 answers

How to filter the Windows Security event log by SID?

I want to filter the event log for a certain user, but I don't think there's an option to search by SAMID. There is a filter by UserId though, according to here. Is the following syntax correct to search for the user in the screenshot…
Old Geezer
4
votes
2 answers

How does Windows Event forwarding work with non domain computers? (certificates)

In researching this question I've looked at the following documents and none of them describe the options or flexibility of the event collector service. Microsoft's Event Collector Service on Technet (too procedural, I'm just looking for how it…
makerofthings7
4
votes
1 answer

Logging a list of Worker Process Requests when Application Recycle happens

Does anyone know the best way to log all worker process requests that are currently running when an IIS recycle happens? If you go to IIS > Worker Processes > Select an app pool > View Current Requests you get a list of requests. We have…
PaulJ
4
votes
1 answer

Using Powershell, trigger an action if the most recent Event Log event is over one hour old

We have a server running our backup software, and the software has its own event log. I can retrieve the most recent event log entry with this command: Get-EventLog EventLogName -ComputerName server.example.com -newest 1 That gives me results like…
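One way to turn the `Get-EventLog ... -Newest 1` check above into a scheduled test, as an added example that is not part of the original question. The log name `BackupSoftware` and the host `server.example.com` are placeholders; the "action" is a warning and a non-zero exit code so a scheduler or monitoring agent can act on it.

```powershell
# Added example (not from the question): fail if the newest entry in a custom
# event log is more than an hour old.
# Assumptions: 'BackupSoftware' and server.example.com are placeholders;
# the caller has remote read access to that log.

$logName  = 'BackupSoftware'
$computer = 'server.example.com'
$maxAge   = [TimeSpan]::FromHours(1)

# Get-EventLog only exists in Windows PowerShell 5.1; on PowerShell 7 use
#   Get-WinEvent -ComputerName $computer -FilterHashtable @{LogName=$logName} -MaxEvents 1
# and read .TimeCreated instead of .TimeGenerated.
$newest = Get-EventLog -LogName $logName -ComputerName $computer -Newest 1 -ErrorAction SilentlyContinue

if (-not $newest) {
    # An empty or unreadable log is a failure condition, not "fresh"
    Write-Warning "No entries readable in '$logName' on $computer"
    exit 2
}

# TimeGenerated is when the source wrote the event; TimeWritten is when the
# log service stored it. For "is the software still logging?" use TimeGenerated.
$age = (Get-Date) - $newest.TimeGenerated

if ($age -gt $maxAge) {
    Write-Warning ("Last event in '{0}' is {1:N0} minutes old (ID {2}: {3})" -f `
        $logName, $age.TotalMinutes, $newest.EventID, $newest.Message)
    # Trigger the action here, e.g. Send-MailMessage or Restart-Service
    exit 1
}

Write-Output ("OK: last event in '{0}' was {1:N0} minutes ago" -f $logName, $age.TotalMinutes)
exit 0
```

The exit codes are the useful part: a scheduled task or monitoring agent can alert on anything non-zero, and the "no entries" case is deliberately treated as a failure rather than silently passing.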
4
votes
1 answer

PowerShell Get-WinEvent cmdlet: Filtering by time-stamp not producing desired results?

I am trying to filter events via Get-WinEvent to get specific logs from the last 24 hours: $EventLogFilter = @{logname='ForwardedEvents'; id=4771,4625,4768; StartTime=(Get-Date).AddHours(-24)} $LogonEvents = Get-WinEvent -FilterHashtable…
red888
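A complete version of the hashtable filter from the question above, as an added example that is not part of the original question. It assumes a WEF collector with a `ForwardedEvents` log and the same event IDs (4771, 4625, 4768); everything else is standard `Get-WinEvent` behaviour.

```powershell
# Added example (not from the question): logon-related events from the last
# 24 hours in ForwardedEvents, with the EventData fields pulled out.
# Assumptions: run elevated on the collector; IDs 4771/4625/4768 as in the
# question.

$filter = @{
    LogName   = 'ForwardedEvents'
    Id        = 4771, 4625, 4768
    StartTime = (Get-Date).AddHours(-24)   # local time, compared against TimeCreated
    EndTime   = Get-Date
}

# Get-WinEvent raises a non-terminating "No events were found" error when
# nothing matches; suppress it and test for $null instead.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning "No matching events in the last 24 hours"
    return
}

# The interesting fields (target user, source IP) live in EventData, not in
# the top-level properties, so parse the XML once per event.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }   # skip unnamed Data nodes
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Id          = $e.Id
        Computer    = $e.MachineName
        TargetUser  = $data['TargetUserName']
        SourceIp    = $data['IpAddress']
    }
}

$rows | Group-Object Id | Select-Object Name, Count
$rows | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

One thing to keep in mind on a collector: `StartTime`/`EndTime` are compared against `TimeCreated`, which is the timestamp the source machine wrote, not the time the collector received the event. A source that was offline and forwarded a backlog of older events when it reconnected will not show those events in a "last 24 hours" window, even though they arrived in the last 24 hours.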
4
votes
2 answers

Opening an archived "Application Event Log" (Hidden Directory)

I'm an admin on the box. I've turned off all the folder options "Hide protected operating system files" and turned on "Show hidden files and folders". I can see this folder in Windows Explorer: C:\Windows\System32\winevt\Logs but I cannot see it…
NealWalters
4
votes
3 answers

Event Log > Filter Current Log > XML > where EventData contains text

I'm trying to search through the Windows event log for anything where the event data contains the string TCP Provider, error: 0 as part of a longer error message. To do this I created the code below:
JohnLBevan
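The two filtering questions above (filtering the Security log by a user's SID, and matching a substring inside EventData) share one mechanism, so here is one added example covering both; it is not code from either question. The SID is a placeholder, the search string is the one from the question, and the log names are the standard Security and Application logs.

```powershell
# Added example (not from either question): XPath filtering of Windows event
# logs by target SID, and substring matching inside EventData.
# Assumptions: placeholder SID below; run elevated so Security is readable.

$targetSid = 'S-1-5-21-0000000000-0000000000-0000000000-1001'   # placeholder

# Two different "user" fields exist on a Security event:
#   System/Security/@UserID           = account that LOGGED the event (usually SYSTEM)
#   EventData/Data[@Name='TargetUserSid'] = account the event is ABOUT
# FilterHashtable's UserID key matches the first; the second needs XPath.
$xpath = "*[System[(EventID=4624 or EventID=4625 or EventID=4634)] " +
         "and EventData[Data[@Name='TargetUserSid']='$targetSid']]"

$bySid = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 50 -ErrorAction SilentlyContinue
$bySid | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# Substring search: the Event Log service's XPath subset supports equality and
# comparison operators plus position(), Band() and timediff(), but not
# contains() or starts-with(). So do the cheap narrowing (log, time window)
# in XPath and the substring test client-side.
$needle = 'TCP Provider, error: 0'
$lastDay = "*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]"   # 24 h in ms

$hits = Get-WinEvent -LogName Application -FilterXPath $lastDay -ErrorAction SilentlyContinue |
    Where-Object {
        $xml = [xml]$_.ToXml()
        # Data nodes come back as plain strings when unnamed and as elements
        # with a '#text' property when named; normalise both to strings.
        $values = $xml.Event.EventData.Data | ForEach-Object {
            if ($_ -is [string]) { $_ } else { $_.'#text' }
        }
        $values -match [regex]::Escape($needle)
    }

$hits | Select-Object TimeCreated, ProviderName, Id | Format-Table -AutoSize
```

The ordering matters for performance: XPath is evaluated inside the Event Log service and only matching records cross to PowerShell, whereas `Where-Object` has to deserialise every record it sees. Push whatever the XPath subset can express (IDs, SIDs, time windows) into `-FilterXPath` and keep only the substring test on the client.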
4
votes
1 answer

What are the differences between Windows EVT and EVTX log files?

Windows is moving to the *.EVTX format for its logging files, but we still have clients that have versions that write to the older *.EVT format. What are the differences in how those files are built, with a view to whether they are parsed differently?…
Matt