
Event Viewer

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 221.128.147.211 (talk) at 09:08, 6 October 2007 (called redone?). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

[Figure: Event Viewer in Windows XP.]
[Figure: Event Viewer in Windows Vista.]

Event Viewer is a component of Microsoft's Windows NT line of operating systems that lets administrators and users view the event logs on a local or remote machine. With Windows Vista, the event system was overhauled and renamed to Windows Event Log.[1]

Overview

Event logs have been a feature of Windows NT since its original release in 1993. Applications and operating system components can make use of this centralized log service to report events that have taken place, such as a failure to start a component or complete an action. The system defines three log sources, "System", "Application", and "Security". The System and Application log sources are intended for use by the Windows operating system and Windows applications respectively; the Security log source, however, is only directly writable by the Local Security Authority Subsystem Service (lsass.exe).

Windows NT 4 added support for defining "event sources" (i.e. the application which created the event) and performing backups of logs.

Windows 2000 added the capability for applications to create their own log sources in addition to the three system-defined "System", "Application", and "Security" log files. NT4's Event Viewer was also replaced with a Microsoft Management Console snap-in.

Windows Server 2003 added the AuthzInstallSecurityEventSource() API so that applications could register as security event sources and write security audit entries.[2]

Windows Event Log

Windows Event Log has been rewritten around a well-defined structured XML format that lets applications log events more precisely. Event logs come in a number of types, including Administrative, Operational, Analytic, and Debug logs. Selecting the Application Logs node in the Scope pane reveals numerous new subcategorized event logs, many of them labeled as diagnostic logs. Event logs can be configured to be forwarded automatically to other persons, viewed remotely from other computers, or collected from multiple machines and managed centrally on a single computer. Event logs can be filtered by one or more criteria or by a standard XPath expression, and custom views can be created for one or more events. Such categorizing and advanced filtering allows viewing only the logs related to a certain subsystem or to an issue with a certain component, and sending traces on the fly to support technicians. Events can also be directly associated with tasks, which run in the redesigned Task Scheduler. Event attributes are also much more detailed, exposing EventID, Level, Task, Opcode, and Keywords properties.
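As an added illustration of the structured XML record format and the Custom View style of filtering described above (example code written for this article, not Microsoft's own; the sample records are constructed, and the function names `parse_events` and `custom_view` are this example's own):

```python
import xml.etree.ElementTree as ET

# Namespace of the structured XML event records introduced with Windows Event Log.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records in that XML layout (not captured from a real machine).
# Keywords 0x8010... carries the Audit Failure bit, 0x8020... the Audit Success bit.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID><Level>0</Level>
<Task>12544</Task><Opcode>0</Opcode><Keywords>0x8010000000000000</Keywords><Channel>Security</Channel>
</System><EventData><Data Name="TargetUserName">alice</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID><Level>0</Level>
<Task>12544</Task><Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords><Channel>Security</Channel>
</System><EventData><Data Name="TargetUserName">bob</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Application Error"/><EventID>1000</EventID><Level>2</Level>
<Task>100</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><Channel>Application</Channel>
</System><EventData><Data>notepad.exe</Data></EventData></Event>
</Events>"""

AUDIT_FAILURE = 0x8010000000000000  # Security channel keyword bit for failed audits

def parse_events(xml_text):
    """Flatten each <Event> into a dict of its System properties plus EventData."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        sysm = ev.find("e:System", NS)
        rec = {"Provider": sysm.find("e:Provider", NS).get("Name"),
               "Channel": sysm.find("e:Channel", NS).text}
        for prop in ("EventID", "Level", "Task", "Opcode"):
            rec[prop] = int(sysm.find(f"e:{prop}", NS).text)
        rec["Keywords"] = int(sysm.find("e:Keywords", NS).text, 16)
        # Named Data fields keep their Name; unnamed ones are keyed by position.
        rec["Data"] = {d.get("Name") or str(i): d.text
                       for i, d in enumerate(ev.findall("e:EventData/e:Data", NS))}
        events.append(rec)
    return events

def custom_view(events, channel=None, event_ids=None, levels=None, keyword_mask=None):
    """Apply the criteria a Custom View expresses: channel, IDs, level set, keyword bits.
    Level 1 is Critical and 2 is Error; audit records on the Security channel use Level 0."""
    def match(rec):
        return ((channel is None or rec["Channel"] == channel)
                and (event_ids is None or rec["EventID"] in event_ids)
                and (levels is None or rec["Level"] in levels)
                and (keyword_mask is None or rec["Keywords"] & keyword_mask == keyword_mask))
    return [rec for rec in events if match(rec)]
```

The keyword test is a bitmask match, so a record matches only when every bit of the requested mask is set, which is how the Audit Success and Audit Failure keywords are distinguished.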

References

  1. New tools for Event Management in Windows Vista
  2. "AuthzInstallSecurityEventSource Function". Retrieved 2007-10-05.
