Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [eventviewer]

This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

This tag is for questions about Windows' Event Viewer and Event Logs. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.

Event Viewer has three primary logging areas:

  • Application
  • Security
  • System

Recent Versions of Windows (Vista and later / Server 2008 and later) have a large number of additional log areas.

Most Windows components (such as services) log to the System log, with notable exceptions being IIS and user-related operations (such as folder redirection at login) which log to the Application log. Programs that you write should log either to their own log areas or to the Application log. The Security log records successful and failed logins.

See also:

195 questions
44
votes
7 answers

View Shutdown Event Tracker logs under Windows Server 2008 R2

I'm trying to view the Shutdown Event Tracker logs in the Event Viewer, on windows server 2008 r8, but I can't find the messages that I supplied when previously restart the server. Where in the Event Viewer can I see these logs?
stacker
  • 831
  • 3
  • 10
  • 15
32
votes
3 answers

Find out who disabled a Windows service

I was doing some fault finding, and I've discovered two services which should be set to automatic have been set to disabled. What is the best way to find out who did this? It could be someone from my company, or it could be someone client-side. …
Paul Brindley
  • 423
  • 1
  • 4
  • 6
22
votes
2 answers

Filtering Security Logs by User and Logon Type

I have been asked to find out when a user has logged on to the system in the last week. Now the audit logs in Windows should contain all the info I need. I think if I search for Event ID 4624 (Logon Success) with a specific AD user and Logon Type…
Trido
  • 323
  • 1
  • 2
  • 7
18
votes
2 answers

"Unable to open the Server service performance object."

I have a group of servers which all show these symptoms. Every 2-7 days twice in a row, the following error shows up in the Application event log: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section…
Andrew J. Brehm
  • 1,611
  • 7
  • 34
  • 57
14
votes
1 answer

What time zone is displayed in windows event logs? When viewing saved log from another machine?

What time zone is being displayed here? GMT? System time zone? What happens when I export the log and view it on a second machine. Does it use the first system's time zone or the second? Thanks!
samecodes
  • 143
  • 1
  • 1
  • 4
13
votes
4 answers

Where are windows 10 defender offline scan logs/results?

I can't find any events or log files, are there such records somewhere or WD reports only if it finds something? Windows 10 pro, drive is encrypted with bitlocker (might affects somehow?)
bdimych
  • 131
  • 1
  • 1
  • 3
13
votes
3 answers

Is there something like windows event viewer in linux platform?

I can check all kinds of error info with event viewer, but I'm not yet aware of there is such utility in linux, I can only check error logs of a specific application, or is there such a tool in linux too?
wamp
  • 1,177
  • 3
  • 12
  • 17
11
votes
3 answers

Can I disable Windows Event Logging for a certain service?

We have a legacy application running on a Windows Server 2008 VM from Azure that is spamming our windows event log every minute or so. I do not have access to the source for the bit of code that is writing to the event log, only the dll file. I…
simonlchilds
  • 215
  • 1
  • 2
  • 7
10
votes
2 answers

How to filter windows event log with wildcard?

According to the document here, the asterisk wildcard is supported and hence it should work in eg. *[EventData[Data[@Name='TargetUserName'] ='User1*']] but I cannot get any wildcard filter to work - has anyone been able to do this?
A_L
  • 203
  • 1
  • 2
  • 5
10
votes
5 answers

Event 36888: The following fatal alert was generated: 10. The internal error state is 1203

I've searched online, but am unable to find any information; why this error is occurring? It has flooded my Event Viewer: with an interval of 1 minute, this Error keeps popping up. (i.e. the frequency is 1 minute) I don't have any IIS…
Param
  • 1,347
  • 13
  • 34
  • 51
9
votes
1 answer

Lots of FAILURE AUDIT: an account failed to log on entires in Security Log

I have received lots of failure audits on my server. From the log, I have identified the particular machine that is the culprit. How can I identify which process is sending the login request? Do you have any idea how to find out? Below is the detail…
Param
  • 1,347
  • 13
  • 34
  • 51
8
votes
1 answer

New event log nowhere to be found after creating in PowerShell

Through PowerShell, I am attempting to create a new event log and write a test entry to it, but it is not showing up the Event Viewer. This is the command I'm using to create a new event log: new-eventlog -logname TestLog -source TestLog And to…
Matt
  • 291
  • 2
  • 9
8
votes
2 answers

Is there any way to undo after clearing a log on Windows 2008 server?

I accidentally cleared a event log. Is there any way I can get it back?
Duk
  • 83
  • 1
  • 1
  • 4
8
votes
2 answers

Event Log time when Computer Start up / boot up

Client OS - Window XP Domain Controller:- Window server 2008 Standard R2 I had one Windows XP system. I want to find out when the system has started or boot ( at what time and date ). I don't know which parameter / word should I search for in Event…
Param
  • 1,347
  • 13
  • 34
  • 51
8
votes
6 answers

How to enable Audit Failure logs in Active Directory?

I have a user account that keeps on getting locked out. I am trying to find out what caused it. So I want to enabled failure audits in event viewer as a start. But, I don't know how! How do I enable Audit Failures such that it shows up in the DC's…
Jake
  • 1,150
  • 6
  • 26
  • 48
1
2 3
12 13