These days, one of the most important aspects of cyber security is network monitoring. We have already published a detailed post on the importance and how to monitor the network. We suggest you read it. Event Viewer is a component of Microsoft‘s windows operating system (Server family and Workstation family) that lets administrators and users view the event logs on a local or remote machine. Of course, application and System logs can be viewed by all users, but Security logs are accessible only to administrators.

The Windows Event Viewer is a useful tool for troubleshooting all kinds of different Windows problems because it shows a log of application and system messages, including errors, information messages, and warnings.

The Event Log service starts automatically when you start Windows.




Types of Events in Event Viewer 

  • Error: A significant problem, such as loss of data or loss of functionality or abnormal stop of a service.
  • Warning: An event that is not necessarily significant, but may indicate a possible future problem. For example, low of disk space.
  • Information: An event that describes the successful operation of an application, driver, or service.
  • Success Audit: An audited security access attempt that succeeds. For example, a user’s successful attempt to log on to the system will be logged as a Success Audit event.
  • Failure Audit: An audited security access attempt that fails. For example, if a user tries to logon to computer and fails, the attempt will be logged as a Failure Audit event.

Source:   and



Logs Categories 

There are many categories for logs in this console, but the three main and important categories are:

  • Application: The Application log records events related to Windows system components, such as drivers and built-in interface elements.
  • System: this category includes records events related to programs installed on the system.
  • Security: When security logging is enabled (it’s off by default in Windows), this log records events related to security, such as logon attempts and resource access.