Questions tagged [eventviewer]
This tag is for questions about Windows' Event Viewer. Event Viewer is where Windows stores logs generated by the Operating System and certain applications.
203
questions
45
votes
7
answers
274k
views
View Shutdown Event Tracker logs under Windows Server 2008 R2
I'm trying to view the Shutdown Event Tracker logs in the Event Viewer, on windows server 2008 r8, but I can't find the messages that I supplied when previously restart the server.
Where in the Event ...
- 841
34
votes
3
answers
66k
views
Find out who disabled a Windows service
I was doing some fault finding, and I've discovered two services which should be set to automatic have been set to disabled.
What is the best way to find out who did this? It could be someone from ...
- 443
23
votes
3
answers
115k
views
Filtering Security Logs by User and Logon Type
I have been asked to find out when a user has logged on to the system in the last week. Now the audit logs in Windows should contain all the info I need. I think if I search for Event ID 4624 (Logon ...
- 333
18
votes
2
answers
37k
views
"Unable to open the Server service performance object."
I have a group of servers which all show these symptoms. Every 2-7 days twice in a row, the following error shows up in the Application event log:
Unable to open the Server service performance object....
- 1,611
17
votes
5
answers
95k
views
Where are windows 10 defender offline scan logs/results?
I can't find any events or log files,
are there such records somewhere or WD reports only if it finds something?
Windows 10 pro,
drive is encrypted with bitlocker (might affects somehow?)
- 171
14
votes
1
answer
26k
views
What time zone is displayed in windows event logs? When viewing saved log from another machine?
What time zone is being displayed here?
GMT? System time zone? What happens when I export the log and view it on a second machine. Does it use the first system's time zone or the second?
Thanks!
- 143
13
votes
3
answers
62k
views
Is there something like windows event viewer in linux platform?
I can check all kinds of error info with event viewer,
but I'm not yet aware of there is such utility in linux,
I can only check error logs of a specific application,
or is there such a tool in ...
- 1,237
11
votes
2
answers
26k
views
How to filter windows event log with wildcard?
According to the document here, the asterisk wildcard is supported and hence it should work in eg.
*[EventData[Data[@Name='TargetUserName'] ='User1*']]
but I cannot get any wildcard filter to work - ...
- 213
11
votes
3
answers
41k
views
Can I disable Windows Event Logging for a certain service?
We have a legacy application running on a Windows Server 2008 VM from Azure that is spamming our windows event log every minute or so. I do not have access to the source for the bit of code that is ...
- 215
10
votes
5
answers
69k
views
Event 36888: The following fatal alert was generated: 10. The internal error state is 1203
I've searched online, but am unable to find any information; why this error is occurring?
It has flooded my Event Viewer: with an interval of 1 minute, this Error keeps popping up. (i.e. the ...
- 1,357
9
votes
6
answers
114k
views
How to enable Audit Failure logs in Active Directory?
I have a user account that keeps on getting locked out. I am trying to find out what caused it. So I want to enabled failure audits in event viewer as a start. But, I don't know how!
How do I enable ...
- 1,172
9
votes
1
answer
4k
views
New event log nowhere to be found after creating in PowerShell
Through PowerShell, I am attempting to create a new event log and write a test entry to it, but it is not showing up the Event Viewer. This is the command I'm using to create a new event log:
new-...
- 311
9
votes
1
answer
8k
views
Lots of FAILURE AUDIT: an account failed to log on entires in Security Log
I have received lots of failure audits on my server. From the log, I have identified the particular machine that is the culprit. How can I identify which process is sending the login request?
Do you ...
- 1,357
8
votes
2
answers
70k
views
Event Log time when Computer Start up / boot up [duplicate]
Client OS - Window XP
Domain Controller:- Window server 2008 Standard R2
I had one Windows XP system. I want to find out when the system has started or boot ( at what time and date ). I don't know ...
- 1,357
8
votes
3
answers
33k
views
how do i find application name using GUID from error in event viewer on Windows Server 2003?
A Windows Serve 2003 machine logged an error in Event Viewer with the COM+ Event System, saying it could not marshal the subscriber for a particular subscription and then gave the SID/GUID, which is:
...
- 265
8
votes
2
answers
29k
views
Is there any way to undo after clearing a log on Windows 2008 server?
I accidentally cleared a event log. Is there any way I can get it back?
- 83
8
votes
2
answers
5k
views
Application Event Log keeps getting corrupted
I recently asked about repairing a corrupt event log, because it seemed to be a one-off event. The event log has since exhibited the same behavior 3 times. We have been trying to find patterns, but ...
- 1,223
7
votes
3
answers
46k
views
Windows event codes for startup/shutdown lock/unlock
I'm trying to build up a list of event Ids that can be used to determine when the machine has been shutdown, started up, locked and unlocked. So far, I've found 6 event IDs which seem to be best ...
- 181
7
votes
2
answers
3k
views
Unexpected results from an XML query filter for security event log
Folks,
I am trying to craft a custom XML / Xpath filter to the Windows Event Log viewer to exclude the countless "SYSTEM" Logons from the security log's view. I have managed to get this far with the ...
- 40.8k
6
votes
6
answers
6k
views
shortcut for Eventvwr > Connect to another computer
I was wondering if you can write the following action in a batch command?
eventvwr (open the event viewer)
Menu Action > Connect to another computer
Type in the name of the computer.
Connect.
This ...
- 161
6
votes
1
answer
2k
views
How Can I Consolidate all Event Viewer Logs from different Servers
Currently I use Microsoft Management Console to check Event Viewer logs on 20 servers. Every time I click on one server, my custom view it takes 2 minutes to load. I need to find a faster way to check ...
- 83
5
votes
3
answers
30k
views
Event Log > Filter Current Log > XML > where EventData contains text
I'm trying to search through the windows event log for anything where the event data contains the string TCP Provider, error: 0 as part of a longer error message. To do this I created the code below:
...
- 1,278
5
votes
3
answers
29k
views
Event Viewer Warning: "Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004F057"
I have Windows Server 2012 R2 Standard running on a Dell PowerEdge T320. The server is near one month in use as a domain controller. I've noticed this warning entry showing in the Application log ...
- 129
5
votes
2
answers
25k
views
Is it possible to grant Read-Only Access to all Event Logs on Domain Controllers
I would like to grant Read-Access to event logs on all my domain controllers, ideally at a domain level using GPO. I would like members of a group to be able to view the Application Log, the System ...
- 1,543
5
votes
1
answer
16k
views
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425}
I'm getting the following error message in Azure Windows 10 Application Event log periodically:
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {...
- 293
5
votes
0
answers
150
views
Corrupt General Tab in Event Viewer
Whenever ASP.NET reports a dangerous query string value to the Application log and the request contains a certain combination of characters; the event viewer will not show the error information and ...
- 51
5
votes
1
answer
6k
views
How do I fix a custom Event Viewer Log that merges automatically with the Application log?
I am trying to create a custom event log for a Windows Service on Windows Server 2003. I would like to name the custom log "(ML) Startup Commands". However, when I add a registry key with that name to ...
- 281
4
votes
3
answers
41k
views
Remote Desktop Services login history
Is it possible to generate a report of past user logins to a Windows Server 2008 Remote Desktop Services server?
The closest Event Viewer logs I can find are under Application and Services Logs --> ...
- 485
4
votes
2
answers
3k
views
Opening an archived "Application Event Log" (Hidden Directory)
I'm an admin on the box. I've turned off all the folder options "Hide protected operating system files" and turned on "Show hidden files and folders".
I can see this folder in Windows Explorer:
C:\...
- 1,333
4
votes
2
answers
10k
views
How does Windows Event forwarding work with non domain computers? (certificates)
In reasearching this question I've looked at the following documents and none of them describe the options or flexibility of the event collector service.
Microsoft's Event Collector Service on ...
- 8,931
4
votes
4
answers
12k
views
Unknown and strange RDP successful logins in EventViewer
I have a Windows Server 2008 R2 with a valid IP, and recently I've found hundreds of unknown and strange RDP successful logins logged in EventViewer. Here are some details:
They are not similar to ...
- 171
4
votes
2
answers
3k
views
users unable to view security log in event viewer
I want to create a user account who is able to view the security log in event viewer, but not as a administrator, just as a power user. I had been getting this error when I click the security log:
...
nearownkira
3
votes
4
answers
15k
views
Is it possible to filter out (remove) a single Event ID from the Event Viewer?
Let's say I want to remove a single event from the view so I can view the rest. How do I accomplish this? This is on a Server 2003 R2 box.
- 2,833
3
votes
2
answers
234
views
What log messages do I need to look for that indicate the start of a log-off in Windows Event Viewer?
Is there an Info message in Windows Event viewer that indicates the start of a log off? I'm trying to spot errors and warnings as a user logs off.
- 4,909
3
votes
2
answers
16k
views
Where in the event log is the IIS AppPool recycling events being recorded?
I turned on all the options for IIS AppPool recycling logging and recycled the app pool a few times and I am not seeing the events in the event log. I refreshed a few sections in the event log. Where ...
- 954
3
votes
2
answers
1k
views
How can one learn to read the Windows Server event viewer and know what events are normal and which are signs of potential problems?
I have been managing Windows Server 2003 machines at work, but I am a software developer. (Please don't say 'hire a sysadmin', the point of this question is my own learning).
How do server admins ...
- 896
3
votes
2
answers
12k
views
Can not see entries in Application Log in Event Viewer
Last week our Application Log appeared to be corrupt. Event Viewer said the log was 20MB, and had 18,446,744,073,709,550,735 (0.000000000008674 bits each) records (which can not possibly be true), and ...
- 1,223
3
votes
1
answer
4k
views
Event Viewer Filtering does not work - invalid query
First of all, I'd like to rant about how stupidly hard searching for something event logs, but I bet MS is not listening to me so that's about it.
My problem is this: I'm trying to find out all the ...
- 774
3
votes
1
answer
5k
views
How could I see by the event viewer log that the format of date was changed?
I need to see by the eventviewer log that the format of date was changed.
I know that have the eventlog of ID 4616, but it's for DATE changing, and not lot when I just change the FORMAT of the date. ...
3
votes
2
answers
6k
views
GPO set to trigger in response to an event?
I want to trigger an action/task when an event is raised in any computer of the domain.
It this possible via GPO, do or I need to deploy script to all machines on the domain?
- 208
3
votes
2
answers
24k
views
Security Audit Failures in Event Viewer Windows Server 2008R2
When I am looking at the security tab of my event viewer on a Windows Server 2008 R2, I am showing a ton of Audit Failures with Event ID 4776.
The computer attempted to validate the credentials for ...
- 443
3
votes
1
answer
3k
views
Send mail on event log error trigger safe check frequency
I want to use powershell to alert me when an error occurs in the event viewer on my new Win2k12 Standard Server, I was thinking I could have the script execute every 10mins but don't want to put any ...
- 145
3
votes
2
answers
1k
views
Why are logon types on Domain Controller and Workstation different
When I logon to a specific machine in an Active Directory domain, the logon type recorded in Event Viewer is 10, but the same event log on the domain controller is 3. Why are the all of logon on the ...
3
votes
1
answer
19k
views
A ton of Logon/off events in Event Viewer
I am running a Win2012 server in VMware, I have installed IIS, NAP, VPN, DHCP, DNS, WDS, AD DS, AD CS. I have win7 clients in my domain, but they're not turned on.
The problem is, I am getting a ...
- 145
3
votes
1
answer
3k
views
I need an XPath query to view all events in the Windows event log (custom view)
In Windows powershell you can type get-winevents without any parameters and it will dump all events. I would like access to all events in the event viewer using a custom view. I can of course just ...
- 317
3
votes
1
answer
10k
views
Why is the user name "N/A" for most of the event log entries? How to get it filled in?
In my code, if something terribly goes wrong, I write something in the event log (using the ReportEvent function). For those entries, I get a user-id in the event log entry (5th argument of ...
- 227
3
votes
1
answer
2k
views
Change an Applications and Services Logs log path using GPO
I am wanting to change the AppLocker Log path by a GPO. The specific log is found at Event Viewer \ Applications and Services Logs \ Microsoft \ Windows \ AppLocker \ EXE and DLL.
I know you can ...
- 154
3
votes
2
answers
8k
views
how to separate IIS event logs by application in event viewer
Just to start with, I would like to advise I am VERY new to IIS so apologies for any obvious questions in advance.
I have done some research around this topic and my findings have been inconclusive.
...
- 141
3
votes
1
answer
10k
views
Windows 2012 R2 Server Manager Fails to Load
I am unable to open Server Manager on our Windows 2012-R2 system. The error states:
Server Manager cannot run because of an error in a user settings file. Click OK to restore default settings.......
...
- 353
3
votes
1
answer
8k
views
Script to export custom view Event Viewer to .evtx Powershell
This is my PowerShell script to export data from a Custom View in the Event Viewer via the XML data.
set-executionpolicy unrestricted
[xml]$CustomView = @"
<QueryList>
<Query Id="0" Path="...
- 73