Questions tagged [windows-event-log]

"Event log" usually refers to the system/server logs on Microsoft Windows machines.

625 questions
3
votes
0 answers

[WINDOWS]: identifying new protected accounts based on ID 4780

As a security best practice, I would like to keep track in my Windows Active Directory domain of any new "Protected Accounts and Groups". According to Microsoft, this concerns any user or group which is directly or indirectly a member of those specified…
3
votes
2 answers

Is there a way to search all the event-logs on a LAN for a specific event?

Is there a way to search all the event-logs on a LAN for a specific event?
cagcowboy
  • 1,072
3
votes
1 answer

Service failed to start but nothing in event log

I'm getting the warning that a service or driver failed to start, check the event log, but when I do, I can't find any error or warning events on any of the logs? Is there some way to work out what is causing the error?
SteveC
  • 271
2
votes
1 answer

Windows 2016 Server Event Date Time is in Future

Current machine date time is Sept 25th 2018 06:05PM but there are numerous error/warning logs with FUTURE time, like 6:23PM. I checked at 6:05PM but not sure when those errors actually happened. How can an event happen in the future?
Mehdi Anis
  • 179
  • 2
  • 7
2
votes
1 answer

What is "Report ID" in Windows Application Error, event 1000 correlated to?

I'm analyzing an event 1000 error in a third-party enterprise application which shows a "Faulting module name" of ntdll.dll and wondering: What is the "Report ID" GUID correlated to, and how might I use it to dig further?
Steve C
  • 21
2
votes
3 answers

Windows native event forwarding directly to a syslog\sql server

Right now I have events being forwarded to a collector on which I then run a script to pull them out of the collector's event logs as xml and then insert them in a DB. Is there any utility that knows the native windows event forwarding protocol that…
red888
  • 4,253
2
votes
1 answer

Why does Windows Event Log stop logging events before maximum log size is reached?

I have a service that produces a lot of event log output. Currently the event log is configured to overwrite any old events to keep the log from ever getting full. We have also increased the event log size considerably (to about 600 MB). Recently…
1
vote
1 answer

Eventlog entries for routing table changes

Does someone know if there's a Windows event log that informs of routing table changes? I'm trying to identify a problem with one machine that has a persistent route entry that shows every time Windows initializes
Joz
  • 11
1
vote
0 answers

Filtering platform connection events with firewall off

Is it normal to get Filtering platform connection events in the Event Log with firewall switched off? I'm on Windows Server 2008 R2 Service Pack 1.
1
vote
0 answers

CISCO UCS Event ID 153 The IO operation at logical block address for Disk 2 (PDO name: \Device\MPIODisk1) was retried

On my Cisco UCS blade, the windows system event log just started being flooded with these Event ID 153 messages. The OS is Windows Server 2012 R2 Standard. The SAN admin says that there are no errors in the HP 3par SAN logs and that the ports on the…
DBAMAN6
  • 11
  • 1
1
vote
0 answers

Is it impossible to forward event logs in workgroup environments?

Hi, all. I want to forward the event log from win7 (hostname is win7) to win2008 (hostname is win2008). So I used the "Source Initiated" option on win7, because the "collector initiated" option can choose domain computers only. And add hostname of win2008 and add…
Mr.kang
  • 109
1
vote
2 answers

Issue reading EventLog entries for Standard user on Windows 7

I am trying to read the Windows Security Event log by notification. Below is sample line of code, but when I run it on Windows 7 with a standard user I get an Exception: EventLog _eventlog = new EventLog("Security"); //Monitor on the Security…
Vivek
  • 11
1
vote
0 answers

Server Under Attack

I had my server under 2 firewalls. One from my router and one from my Windows server. Only the VPN port was accessible. Recently I was getting failed login attempts daily with changing usernames from svchost.exe. I thought it was just a scheduled task…
0
votes
1 answer

wevtutil Failed to export remote log

I use: wevtutil epl Application c:\logs\application.evtx and it exports the event log. But when exporting from a remote machine using: wevtutil epl Application c:\logs\application.evtx /r:remote-machine it doesn't work. I get an error. Failed to export log Application.…
0
votes
0 answers

Machine account interactively signing in as UMFD. Is this normal?

Shown below is a windows log event id 4624. The log seems to convey that the machine account server2$ is trying to interactively log in as UMFD-3 interactively. From my research, UMFD is a system account generated by the User Mode Driver Framework…
Nina G
  • 217
  • 2
  • 10