Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

617 questions
3 votes, 1 answer

Execute a Windows task triggered by registry changes

I'm looking for a possibility to execute a script in case a particular registry key is going to be created or modified. In the Windows Task Scheduler there is a way to execute scripts triggered by system/application events. But I could not find one…
3 votes, 2 answers

Windows Event Forwarding large scale with multiple domains

Let me start off explaining what I'm trying to do: We have an RMM tool installed on lots of Windows servers. It is able to send Windows Event Logs to a central store, but not in an efficient or reliable way. I'd like to use the native WEF on Windows…
3 votes, 2 answers

Can't enable Event Log

Hi, I have a Windows 2012 Server and would like to do some event logging. But when I go to the event logger I am unable to Enable Logging for the desired events. (I'm logged in as the Administrator account.) Everything is greyed out, the Log path is…
Gilles Lesire
3 votes, 2 answers

Expired password Event ID in Windows Server 2012

Does any event ID get generated when a user account password expires? I was hoping to write a script which triggers through an event. I did look around but did not find anything related to password expiration - only found something related to account expiration.
3 votes, 0 answers

Constant Audit Failures in Event Viewer from Users not logged on

Let me start off with some details on my environment: Windows Active Directory Domain Environment Domain Controller: Windows Server 2003 R2 Problem Workstation: Windows 7 Professional 64-bit Lately I've gotten reports of Domain User Accounts being…
3 votes, 0 answers

How to filter ObjectName in Windows logs with Advanced XML Filtering?

I want to deploy a centralized log analysis tool on my domain. I'm currently configuring Windows to audit a shared network drive (read, write, access attempt of domain users) to forward Windows events to my server. Since Windows audit logs are…
Aexyn
3 votes, 4 answers

Convert saved evtx files to text

I'm looking to export a large quantity of saved Security log files (.evtx) to text or CSV format. I found wevtutil but that only seems to be able to convert .evt to .evtx when dealing with saved log files: wevtutil epl c:\logs\seclog.evtx…
smwk
3 votes, 1 answer

Create EventLog Source using Group Policy

In our environment we want to force all our system engineers who write scripts to write logging to the EventLog. To keep track of all logging of our scripts we want to write this to a specific source in the Application log. Since you need server…
Tomas
3 votes, 1 answer

Event Viewer Filtering does not work - invalid query

First of all, I'd like to rant about how stupidly hard searching for something in event logs is, but I bet MS is not listening to me so that's about it. My problem is this: I'm trying to find out all the events that have this value (0x84e9c0d) in the…
user2629636
3 votes, 0 answers

Error 1606 - MSIs, UNC paths and permissions?

I have a persistent issue with a number of our Windows desktop systems where we see various MSI packages throw up error 1606 (and 1314, in the MSI log), which is a permission issue, when attempting to be installed. The location is almost always that…
Trevelyan
3 votes, 2 answers

Where in the event log are the IIS AppPool recycling events being recorded?

I turned on all the options for IIS AppPool recycling logging and recycled the app pool a few times and I am not seeing the events in the event log. I refreshed a few sections in the event log. Where are these being recorded? Windows 7.
3 votes, 1 answer

What is the default retention and archiving mechanism for Windows 2012 Event Logs?

How does Windows 2012 manage event log retention? Does it 'rotate' logs like *NIX systems? Does it automatically delete old logs when the disk is full? Any way to define a log retention period? (e.g. delete logs older than six months)
TiCL
3 votes, 1 answer

My event log has corrupted DACL 'Write Attributes' in 4656 file audit events

I have been scripting a procedure in PowerShell to pull security event logs from my Windows 2012 R2 server. Investigating a bug in my procedure to parse the event into XML, I discovered a very strange problem in the 'Access Reasons' property of the…
3 votes, 1 answer

How could I see by the event viewer log that the format of date was changed?

I need to see from the Event Viewer log that the format of the date was changed. I know that there is the event log ID 4616, but it's for DATE changes, and is not logged when I just change the FORMAT of the date. The environment is a Windows 2008 server.
3 votes, 2 answers

Event ID: 36888 The following fatal alert was generated: 10. The internal error state is 10

We are experiencing the following schannel errors most frequently on our Remote Desktop Terminal Servers. Log Name: System Source: Schannel Date: 11/18/2015 1:04:56 PM Event ID: 36888 Task Category: None Level: …
DanielJay