|By Adrian Grigorof, B.Sc., MCSE|
Windows events are not generated by the Windows itself but by individual applications (they may be Windows components). These applications record themselves as the "Source" of the event.
Here is how you can identify the source of the event using Microsoft Event Viewer:
As one can see, the source for this event is NETLOGON.
As a tip, you can see all the sources that recorded themselves as being able to generate events by examining the following registry key:
Under this key, there are subkeys for each event log: Application, Security, System (more if you the computer is a domain controller or if some application created its own custom event log). Under the keys for each log are the applications that registered themselves. For example, the NETLOGON source has the following key:
As you can see, NETLOGON records its events in the System log. Under this key, you can find the EventMessageFile value that holds the location of the file with the templates for all the events that this source can generate (%SystemRoot%\System32\netmsg.dll for our example). To read the content of this file you need to use Microsoft's Event Log APIs. Here is what this file contains for NETLOGON.
What is the event source?