By Adrian Grigorof, B.Sc., MCSE
Windows NT has 3 types of logs:
Application Log - Contains events reported by various applications installed on the Windows NT server. These can be Microsoft or third-party applications.
Security Log - Contains all the auditing and security events.
System Log - Contains events reported by Windows NT system components (processes, kernel, drivers).
Windows 2000 Servers configured with Active Directory or just DNS have 3 additional logs:
Directory Service - Contains events reported by Active Directory.
DNS Server - Contains events reported by Microsoft Windows 2000 DNS Server.
File Replication Service - Contains events reported by Microsoft FRS Service.
Note: Win2K Professional cannot read any of the DNS/FRS/DS logs, unless the Admin pack is installed.
NT/2000 Event logs contain 5 types of events:
Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.
Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.
Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.
Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.
Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.
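The five event types above are stored in each legacy .evt record as the numeric EventType values defined in winnt.h. The following is an added example, not part of the original article, and it goes beyond the text by reading the on-disk EVENTLOGRECORD layout to tally records by type and pull out Failure Audit entries. It assumes the input is a contiguous run of records with the file header already skipped; the helper names, the host name HOST1 and the sample records are constructed.

```python
import struct
from collections import Counter

# EventType values from winnt.h, one per event type listed in the article.
EVENT_TYPES = {0x0001: "Error", 0x0002: "Warning", 0x0004: "Information",
               0x0008: "Success Audit", 0x0010: "Failure Audit"}
# Fixed 56-byte part of EVENTLOGRECORD: 6 DWORDs, 4 WORDs, 6 DWORDs, little-endian.
HEADER = struct.Struct("<6I4H6I")
SIGNATURE = 0x654C664C  # the bytes "LfLe" in the Reserved field


def build_record(number, event_id, event_type, source, computer):
    """Build a minimal record for the constructed sample (no SID, strings or data)."""
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    names += b"\0" * (-len(names) % 4)            # pad to a DWORD boundary
    length = HEADER.size + len(names) + 4         # record ends with a copy of Length
    head = HEADER.pack(length, SIGNATURE, number, 0, 0, event_id,
                       event_type, 0, 0, 0, 0, HEADER.size + len(names), 0, 0, 0, 0)
    return head + names + struct.pack("<I", length)


def parse_records(blob):
    """Yield (record_number, event_id, type_name, source, computer) per record."""
    pos = 0
    while pos + HEADER.size <= len(blob):
        fields = HEADER.unpack_from(blob, pos)
        length, sig, number = fields[:3]
        if sig != SIGNATURE or length < HEADER.size + 4 or pos + length > len(blob):
            raise ValueError(f"corrupt record at offset {pos}")
        names = blob[pos + HEADER.size:pos + length - 4].decode("utf-16-le", "replace")
        source, computer = (names.split("\0") + ["", ""])[:2]
        etype = EVENT_TYPES.get(fields[6], f"Unknown({fields[6]:#06x})")
        yield number, fields[5] & 0xFFFF, etype, source, computer
        pos += length


def summarize(blob):
    """Return (count per event type, list of Failure Audit records)."""
    records = list(parse_records(blob))
    counts = Counter(r[2] for r in records)
    failures = [r for r in records if r[2] == "Failure Audit"]
    return counts, failures


# Constructed Security-log sample: one logon success (528), two logon failures (529).
SAMPLE = b"".join(build_record(n, eid, t, "Security", "HOST1")
                  for n, eid, t in [(1, 528, 0x0008), (2, 529, 0x0010), (3, 529, 0x0010)])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```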
NT/2000 Event Logs and Event Types