Managing Windows events

Windows NT and later versions provide you the possibility to record information about their activity in a log file. When an event is logged, the event and its message are appended to the Windows Application Event Log file, the date, time, user, and other identifying information. These events can be viewed with the Windows Event Viewer and also in the BMC Client Management console through this node.

Using the event logs, you can gather information about hardware, software, and system issues and monitor Windows security events.

Windows records at least three kinds of events which are accessible through their sub-nodes such as:


The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.


The security log can record security events such as valid and invalid login attempts, and events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled login auditing, attempts to log on to the system are recorded in the security log.


The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.

Depending on the operating systems and the installed software you can find more event logs here for IE 7, Microsoft Office, and so on.

The following table describes typical event information




The fields in this column display the type of the event, which can be one of the following: Audit Success An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event. Audit Failure An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.


The date and time the event occurred in the default time format.


This field displays the origin of the event, this can either be the system or a system component, for example, SNMP or EventLog, or any type of application such as an antivirus or a word processing program.

Category Name

This entry defines the severity level of the individual event. This information in the form of a number is mainly used in the security events.


Displays the ID number of the respective event. This parameter is hidden by default in the web console.


Displays the name of the user that caused the event, for example, SYSTEM, if the event was caused by the system or one of its components, the login name of the user which was logged on, or N/A if no information is available on the user.

DescriptionThe detailed description of the event.
Was this page helpful? Yes No Submitting... Thank you