Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

605 questions
106
votes
6 answers

Windows Server restart / shutdown history

How can I easily see a history of every time my Windows Server has restarted or shut down and the reason why, including user-initiated, system-initiated, and system crashed? The Windows Event Log is an obvious answer but what is the complete list of…
66
votes
6 answers

How to diagnose a 500 Internal Server Error on IIS 7.5 when nothing is written to the event log?

I've just deployed an update to an existing ASP.NET MVC3 site (it was already configured) and I'm getting the IIS blue screen of death stating HTTP Error 500.0 - Internal Server Error The page cannot be displayed because an internal server error…
Greg B
29
votes
1 answer

Where/how does Windows store the data in the event logs?

We run some financial systems that log error messages to the system logs. I need to find out if we can clean these error messages from a PCI DSS point of view. I am specifically interested in the answer for: Windows 2000 Server and Windows 2003…
Ron Tuffin
29
votes
2 answers

Who restarted my Windows server?

Is it possible on Windows Server 2000/2003/2008 machines to see which user rebooted the server? I have found the shutdown event in the System event log, but it does not show which user initiated the reboot.
joar
25
votes
7 answers

How can I remove specific events from the event log in Windows Server 2008?

Do I need a third party tool for this?
JC.
22
votes
2 answers

Filtering Security Logs by User and Logon Type

I have been asked to find out when a user has logged on to the system in the last week. Now the audit logs in Windows should contain all the info I need. I think if I search for Event ID 4624 (Logon Success) with a specific AD user and Logon Type…
Trido
15
votes
2 answers

Event 4625 Audit Failure NULL SID failed network logons

In 3 separate systems, the following event is being logged many times (between 30 to 4,000 times a day depending on the system) on the domain controller server: An account failed to log on. Subject: Security ID: SYSTEM Account Name: …
15
votes
6 answers

How do I passively monitor the Windows Event Log?

How can I monitor the Windows Event Log remotely such that I will be informed automatically when certain events occur? There are plenty of active monitoring solutions, but they require human attention or constant polling. I need a passive solution…
Rym
14
votes
1 answer

What time zone is displayed in windows event logs? When viewing saved log from another machine?

What time zone is being displayed here? GMT? System time zone? What happens when I export the log and view it on a second machine. Does it use the first system's time zone or the second? Thanks!
samecodes
13
votes
3 answers

What are the implications of exceeding 4 GB in a Windows Event Log?

I found this Microsoft KB that covers recommended Event Log setting maximums for operating systems up to Windows 2008/Vista, which recommends a maximum of 4GB, and have seen some other vague references that an Event Log larger than 4 GB is not…
13
votes
6 answers

Server 2008 email on Event variables

One of the new features of Server 2008 is the ability to attach a task to a specific event in the event logs. One of the actions available is to send an email through a SMTP server. This is working great, however it would be ideal if in the message…
Jeff Miles
13
votes
2 answers

Server locking up, /var/log/messages reports "backlog limit exceeded"

We have a CentOS OS that became unresponsive this morning to external network traffic. It is a virtual machine. I was able to reboot the VM. After logging back in, I found the following in the /var/log/messages file, repeating over and over, up to…
YWCA Hello
11
votes
3 answers

What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?

I have a Windows Server 2008 R2 system that's showing thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext) in the Security section of the Windows Logs every single day. There are no IP addresses of the systems trying to gain…
10
votes
2 answers

How to filter windows event log with wildcard?

According to the document here, the asterisk wildcard is supported and hence it should work in e.g. *[EventData[Data[@Name='TargetUserName'] ='User1*']] but I cannot get any wildcard filter to work - has anyone been able to do this?
A_L
10
votes
5 answers

Event 36888: The following fatal alert was generated: 10. The internal error state is 1203

I've searched online, but am unable to find any information; why this error is occurring? It has flooded my Event Viewer: with an interval of 1 minute, this Error keeps popping up. (i.e. the frequency is 1 minute) I don't have any IIS…
Param