Windows event logs are unique files that record important events on your PC. For example, when a user logs into the machine or when an error occurs, it is recorded in the Windows event logs. You can read these logs with Windows Event Viewer. Event Viewer presents explicit information about important events like programs that should start, but don’t or updates that were not installed as expected on your computer.
To the average person, these Windows events might not mean much, but for more advanced users, the details of the Windows event logs can be extremely helpful when troubleshooting a variety of issues.
Depending on the severity of the Windows event, application events can be classified as error, warning, or information. An important problem such as data loss occurring would be considered an error. When an event isn’t as severe, but may lead to a problem in the future, it is a warning. Lastly, a successful operation of a driver, program or service is considered an information event.
If your computer is setup as a domain controller, it will have other logs displayed in the setup events.
Also called audits, security-related Windows events can either be successful or failed. It all depends on the particular Windows event. One example would be whether or not a log on attempt by a user was successful or unsuccessful.
When events are sent to a Windows Event Log by other computers, these are considered forwarded events.
Additional logs can be viewed in setup events on computers that are configured as domain controllers.
Keeping track of Windows events across your environment can be time-consuming, but it doesn’t have to be. Event Manager for Windows makes keeping track of all of the events and jobs on your servers easy with an "Outlook-style" calendar that lets you view everything in one place. Event Manager collects Windows events from the system, the application, as well as security logs and enables you to easily correlate them with other events that have occurred during that time via the calendar view.
For example, many failed login attempts may be indicative of a brute force attack. Event Manager can alert you to this situation so that you can take appropriate action. You can also generate alerts for events that are impacting critical services and applications in your environment. You will know right away when there are issues that require your attention before they turn into larger problems.
“We use SentryOne SQL Sentry daily to watch and troubleshoot active processes on our production and business critical servers.”
- Kevin Howell