GFI ESM

Event Types

By Adrian Grigorof, MCSE

Windows NT/2000/XP/2003/Vista have 3 types of logs:

Application Log - Contains events reported by the various applications installed on the Windows NT server. These can be Microsoft or third-party applications.

File: %SystemRoot%\System32\Config\AppEvent.evt

Security Log - Contains all the auditing and security events.

File: %SystemRoot%\System32\Config\SecEvent.evt

System Log - Contains events reported by Windows NT system components (processes, kernel, drivers).

File: %SystemRoot%\System32\Config\SysEvent.evt


Windows servers configured with Active Directory have 3 additional logs:

Directory Service - Contains events reported by Active Directory.

File: %SystemRoot%\System32\Config\Director.evt

DNS Server - Contains events reported by Microsoft Windows 2000 DNS Server.

File: %SystemRoot%\System32\Config\DNSEvent.evt

File Replication Service - Contains events reported by the Microsoft File Replication Service (FRS).

File: %SystemRoot%\System32\Config\NTFrs.evt

Note: Windows 2000 Professional cannot read any of the DNS Server, FRS or Directory Service logs unless the Admin pack is installed.


Windows event logs contain 5 types of events:

Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.

Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event will be logged.

Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event will be logged.

Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.

Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.
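The record layout behind these logs, as an added example that is not part of the original article: a Python parser for the classic .evt file format that tallies records by the five types above. It builds a small sample log inline (constructed data, not a real log), follows the ELF_LOGFILE_HEADER and EVENTLOGRECORD layouts from the Platform SDK headers, and assumes the log has not wrapped around, so a full reader would still need wrap handling.

```python
import struct
from collections import Counter
# EventType values from winnt.h (EVENTLOG_*_TYPE), mapped to the names used above.
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Success Audit", 16: "Failure Audit"}
LFLE = 0x654C664C      # "LfLe" signature on the file header and on every record
HDR_FMT = "<12I"       # ELF_LOGFILE_HEADER: 12 DWORDs, 48 bytes; field [4] is StartOffset
REC_FMT = "<6I4H6I"    # EVENTLOGRECORD fixed part, 56 bytes; EventID is [5], EventType is [6]

def build_record(num, event_id, event_type, source, computer="HOST"):
    """Constructed record: fixed part, UTF-16LE SourceName and Computername, trailer."""
    body = (source + "\0" + computer + "\0").encode("utf-16-le")
    tail = 56 + len(body)                      # no insertion strings, SID or data
    total = tail + 4 + (-(tail + 4)) % 8       # records are padded to 8 bytes
    fixed = struct.pack(REC_FMT, total, LFLE, num, 0, 0, event_id, event_type,
                        0, 0, 0, 0, tail, 0, tail, 0, tail)
    return fixed + body + b"\0" * (total - tail - 4) + struct.pack("<I", total)

def build_evt(records):
    """Constructed .evt image: header, records, then the 0x11111111 EOF record."""
    body, end = b"".join(records), 48 + sum(len(r) for r in records)
    header = struct.pack(HDR_FMT, 0x30, LFLE, 1, 1, 48, end, len(records) + 1, 1,
                         0x80000, 0, 0, 0x30)
    eof = struct.pack("<10I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      48, end, len(records) + 1, 1, 0x28)
    return header + body + eof

def parse_evt(data):
    """Yield (record_number, event_id, type_name, source); assumes an unwrapped log."""
    hdr = struct.unpack_from(HDR_FMT, data, 0)
    if hdr[0] != 0x30 or hdr[1] != LFLE:
        raise ValueError("not an ELF_LOGFILE_HEADER")
    pos = hdr[4]                               # walk linearly from StartOffset
    while pos + 8 <= len(data):
        length, magic = struct.unpack_from("<II", data, pos)
        if magic != LFLE:                      # EOF record (or corruption): stop
            break
        rec = struct.unpack_from(REC_FMT, data, pos)
        # SourceName is the first NUL-terminated UTF-16LE string after the fixed part.
        source = data[pos + 56:pos + length].decode("utf-16-le", "ignore").split("\0")[0]
        yield rec[2], rec[5] & 0xFFFF, EVENT_TYPES.get(rec[6], "Unknown"), source  # low 16 bits = displayed ID
        pos += length

def summarize(data):
    """Count records per event type, as an Event Viewer filter by type would."""
    return Counter(t for _, _, t, _ in parse_evt(data))

SAMPLE_EVT = build_evt([                       # constructed sample, not a real log
    build_record(1, 6005, 4, "EventLog"), build_record(2, 7000, 1, "Service Control Manager"),
    build_record(3, 2013, 2, "Srv"), build_record(4, 528, 8, "Security"),
    build_record(5, 529, 16, "Security"), build_record(6, 529, 16, "Security")])
```

Running `summarize(open(path, "rb").read())` over a saved, unwrapped .evt gives the per-type counts; a Failure Audit count that climbs between runs of the same Security log is the simplest thing worth alerting on.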