Managing Windows events
Windows NT and later versions provide you the possibility to record information about their activity in a log file. When an event is logged, the event and its message are appended to the Windows Application Event Log file, the date, time, user, and other identifying information. These events can be viewed with the Windows Event Viewer and also in the CM console through this node.
Using the event logs, you can gather information about hardware, software, and system issues and monitor Windows security events.
Windows records at least three kinds of events which are accessible through their subnodes such as:
- Application
- Security
- System
Depending on the operating systems and the installed software you can find more event logs here for IE 7, Microsoft Office, and so on.
The section includes following topics:
Application log
The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.
Parameter | Description |
|---|---|
Type | The fields in this column display the type of the event, which can be one of the following: Error A significant issue, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged. Warning An event that is not necessarily significant, but might indicate a possible future issue. For example, when disk space is low, a warning will be logged. Information An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged. |
Date | The date and time the event occurred in the default time format. |
Source | This field displays the application that caused the event, this can either be the system or a system component, for example, SNMP or EventLog, or any type of application such as an antivirus or a word processing program. |
Category Name | This entry defines the severity level of the individual event. This information in the form of a number is mainly used in the security events. |
Event | Displays the ID number of the respective event. |
User | Displays the name of the user that caused the event, for example, SYSTEM, if the event was caused by the system or one of its components, the login name of the user which was logged on, or N/A if no information is available on the user. |
Security log
The security log can record security events such as valid and invalid login attempts, and events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled login auditing, attempts to log on to the system are recorded in the security log.
Parameter | Description |
|---|---|
Type | The fields in this column display the type of the event, which can be one of the following: Audit Success An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event. Audit Failure An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event. |
Date | The date and time the event occurred in the default time format. |
Source | This field displays the origin of the event, this can either be the system or a system component, for example, SNMP or EventLog, or any type of application such as an antivirus or a word processing program. |
Category Name | This entry defines the severity level of the individual event. This information in the form of a number is mainly used in the security events. |
Event | Displays the ID number of the respective event. |
User | Displays the name of the user that caused the event, for example, SYSTEM, if the event was caused by the system or one of its components, the login name of the user which was logged on, or N/A if no information is available on the user. |
System log
The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.
Parameter | Description |
|---|---|
Type | The fields in this column display the type of the event, which can be one of the following: Error A significant issue, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged. Warning An event that is not necessarily significant, but might indicate a possible future issue. For example, when disk space is low, a warning will be logged. Information An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged. |
Date | The date and time the event occurred in the default time format. |
Source | This field displays the application that caused the event, this can either be the system or a system component, for example, SNMP or EventLog, or any type of application such as an antivirus or a word processing program. |
Category Name | This entry defines the severity level of the individual event. This information in the form of a number is mainly used in the security events. |
Event | Displays the ID number of the respective event. |
User | Displays the name of the user that caused the event, for example, SYSTEM, if the event was caused by the system or one of its components, the login name of the user which was logged on, or N/A if no information is available on the user. |
Comments
Log in or register to comment.