These days, one of the most important aspects of cyber security is network monitoring. We have already published a detailed post on why network monitoring matters and how to do it, and we suggest you read it. Event Viewer is a component of Microsoft's Windows operating system (both the Server and Workstation families) that lets administrators and users view the event logs on a local or remote machine. The Application and System logs can be viewed by all users, but the Security log is accessible only to administrators.
The Windows Event Viewer is a useful tool for troubleshooting all kinds of different Windows problems because it shows a log of application and system messages, including errors, information messages, and warnings.
The Event Log service starts automatically when you start Windows.
Source: howtogeek.com
Types of Events in Event Viewer
- Error: A significant problem, such as loss of data or loss of functionality or abnormal stop of a service.
- Warning: An event that is not necessarily significant, but may indicate a possible future problem. For example, low disk space.
- Information: An event that describes the successful operation of an application, driver, or service.
- Success Audit: An audited security access attempt that succeeds. For example, a user’s successful attempt to log on to the system will be logged as a Success Audit event.
- Failure Audit: An audited security access attempt that fails. For example, if a user tries to log on to a computer and fails, the attempt is logged as a Failure Audit event.
Source: kb.blackbaud.com and docs.microsoft.com
Logs Categories
There are many categories for logs in this console, but the three main and important categories are:
- Application: The Application log records events related to Windows system components, such as drivers and built-in interface elements.
- System: This category records events related to programs installed on the system.
- Security: When security logging is enabled (it’s off by default in Windows), this log records events related to security, such as logon attempts and resource access.
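As an added example (not code from the original post), the PowerShell script below counts the events in the three main logs by the event types listed above for the last N hours. It assumes Windows PowerShell 5.1 or later on Windows; because the Security log is readable only by administrators, that part runs only in an elevated session.

```powershell
# Added example, not from the original post. Counts events in the Application,
# System and Security logs by event type for the last $Hours hours.
param([int]$Hours = 24)

$since = (Get-Date).AddHours(-$Hours)

# Get-WinEvent 'Level' values for the classic event types
$levels = [ordered]@{ Error = 2; Warning = 3; Information = 4 }

# Audit events in the Security log carry Level 0, so they are selected by keyword instead
$auditKeywords = [ordered]@{
    'Success Audit' = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditSuccess
    'Failure Audit' = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure
}

function Get-EventCount {
    param([hashtable]$Filter)
    $Filter['StartTime'] = $since
    # Get-WinEvent reports "no events found" as a non-terminating error; treat that as zero
    $events = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue
    return @($events).Count
}

$rows = foreach ($log in 'Application', 'System') {
    foreach ($name in $levels.Keys) {
        $count = Get-EventCount -Filter @{ LogName = $log; Level = $levels[$name] }
        [pscustomobject]@{ Log = $log; Type = $name; Count = $count }
    }
}

# The Security log needs an administrator; check before querying instead of failing
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    foreach ($name in $auditKeywords.Keys) {
        $count = Get-EventCount -Filter @{ LogName = 'Security'; Keywords = $auditKeywords[$name] }
        $rows += [pscustomobject]@{ Log = 'Security'; Type = $name; Count = $count }
    }
} else {
    Write-Warning 'Session is not elevated: the Security log is readable only by administrators, skipping it.'
}

$rows | Format-Table -AutoSize
```

A rising Failure Audit count in the Security log over a short window is the first thing to look at when reviewing logon attempts, which is why the audit rows are kept separate from the Application and System error counts.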
———————————
Sources: