Event Viewer

Event Viewer Log
Developer(s): Microsoft
Operating system: Microsoft Windows
Service name: Windows Event Log (eventlog)
Type: Utility software

Event Viewer is a component of Microsoft's Windows NT operating system that lets administrators and users view the event logs, typically file extensions .evt and .evtx, on a local or remote machine. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In Windows Vista, Microsoft overhauled the event system.[1]

Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by technical support scammers to trick the victim into thinking that their computer contains critical errors requiring immediate technical support.[2] An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.

Overview

Windows NT has featured event logs since its release in 1993.

The Event Viewer uses event IDs to define the uniquely identifiable events that a Windows computer can encounter. For example, when a user's authentication fails, the system may generate Event ID 672.

Windows NT 4.0 added support for defining "event sources" (i.e. the application which created the event) and performing backups of logs.

Windows 2000 added the capability for applications to create their own log sources in addition to the three system-defined "System", "Application", and "Security" log-files. Windows 2000 also replaced NT4's Event Viewer with a Microsoft Management Console (MMC) snap-in.

Windows Server 2003 added the AuthzInstallSecurityEventSource() API calls so that applications could register with the security-event logs, and write security-audit entries.[3]

Versions of Windows based on the Windows NT 6.0 kernel (Windows Vista and Windows Server 2008) no longer have a 300-megabyte limit to their total size. Prior to NT 6.0, the system opened on-disk files as memory-mapped files in kernel memory space, which used the same memory pools as other kernel components.

Event Viewer log files with the filename extension .evtx typically appear in a directory such as C:\Windows\System32\winevt\Logs\.

Command-line interface

eventquery.vbs, eventcreate, eventtriggers
Developer(s): Microsoft
Initial release: October 25, 2001
Operating system: Microsoft Windows
Type: Command
License: Proprietary commercial software
Website: docs.microsoft.com/en-us/windows-server/administration/windows-commands/eventcreate

Windows XP introduced a set of three command-line tools useful for task automation:

  • eventquery.vbs – Official script to query, filter and output results based on the event logs.[4] Discontinued after XP.
  • eventcreate – a command (continued in Vista and 7) to put custom events in the logs.[5]
  • eventtriggers – a command to create event-driven tasks.[6] Discontinued after XP and replaced by the "Attach Task To This Event" feature: within the list of events, right-click a single event and select the option from the pop-up menu.

Windows Vista

Event Viewer consists of a rewritten event tracing and logging architecture on Windows Vista.[1] It has been rewritten around a structured XML log-format and a designated log type to allow applications to more precisely log events and to help make it easier for support technicians and developers to interpret the events.

The XML representation of the event can be viewed on the Details tab in an event's properties. It is also possible to view all potential events, their structures, registered event publishers and their configuration using the wevtutil utility, even before the events are fired.

There are a large number of different types of event logs including Administrative, Operational, Analytic, and Debug log types. Selecting the Application Logs node in the Scope pane reveals numerous new subcategorized event logs, including many labeled as diagnostic logs.

Analytic and Debug events, which are high-frequency, are saved directly into a trace file, while Admin and Operational events are infrequent enough to allow additional processing without affecting system performance, so they are delivered to the Event Log service.

Events are published asynchronously to reduce the performance impact on the event publishing application. Event attributes are also much more detailed and show EventID, Level, Task, Opcode, and Keywords properties.

Filtering using XPath 1.0

Users can filter event logs by one or more criteria or by a limited XPath 1.0 expression, and custom views can be created for one or more events. Using XPath as the query language allows viewing logs related only to a certain subsystem or an issue with only a certain component, archiving select events and sending traces on the fly to support technicians.

Here are examples of simple custom filters for the new Windows Event Log:

Task and filter:

  • Select all events in the Security Event Log where the account name involved (TargetUserName) is "JUser":
      <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[EventData[Data[@Name="TargetUserName"]="JUser"]]</Select></Query></QueryList>
  • Select all events in the Security Event Log where any Data node of the EventData section is the string "JUser":
      <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[EventData[Data="JUser"]]</Select></Query></QueryList>
  • Select all events in the Security Event Log where any Data node of the EventData section is "JUser" or "JDoe":
      <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[EventData[Data="JUser" or Data="JDoe"]]</Select></Query></QueryList>
  • Select all events in the Security Event Log where any Data node of the EventData section is "JUser" and the Event ID is "4471":
      <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[EventID="4471"]] and *[EventData[Data="JUser"]]</Select></Query></QueryList>
  • Real-world example for a package called GoldMine, which has two provider @Names:
      <QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[Provider[@Name='GoldMine' or @Name='GMService']]]</Select></Query></QueryList>
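As an added example (not from the article or from Microsoft's documentation), the following PowerShell session uses the eventcreate tool from the command-line section to write a known test event, then retrieves it with the same QueryList form used above via Get-WinEvent -FilterXml and, in bare XPath form, via wevtutil. The source name ExampleSource and Event ID 1000 are constructed for the demonstration; it assumes an elevated prompt and uses the Application log because eventcreate cannot write to the Security log.

```powershell
# Added example, not part of the article. Assumes an elevated PowerShell
# prompt on Windows Vista or later. 'ExampleSource' and ID 1000 are
# constructed values chosen for this demonstration.

$source = 'ExampleSource'   # hypothetical event source (provider name)
$id     = 1000              # hypothetical event ID; eventcreate accepts 1-1000

# 1. Write a known event to the Application log so the filter has
#    something deterministic to match (eventcreate registers the source
#    if it does not exist yet).
eventcreate /T INFORMATION /ID $id /L APPLICATION /SO $source /D "XPath filter test"

# 2. The same <QueryList> structure the article's custom views use,
#    combining a Provider predicate with an EventID predicate on the
#    System section of each event.
$query = @"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='$source'] and EventID=$id]]
    </Select>
  </Query>
</QueryList>
"@

# 3. Get-WinEvent accepts that XML directly; it is the same query a
#    custom view saves in Event Viewer.
$events = Get-WinEvent -FilterXml $query -MaxEvents 5

# 4. Each record exposes the XML shown on the Details tab; the predicate
#    paths above (System/Provider, System/EventID) are walked on this tree.
foreach ($e in $events) {
    [xml]$x = $e.ToXml()
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Provider    = $x.Event.System.Provider.Name
        EventID     = $e.Id
        Message     = $e.Message
    }
}

# 5. The bare XPath form, as accepted by wevtutil's /q switch, printing
#    the newest matching event as text.
wevtutil qe Application /q:"*[System[Provider[@Name='$source'] and EventID=$id]]" /c:1 /rd:true /f:text
```

Running the generated event through the filter first is a cheap way to confirm a custom view or collector query matches what you expect before relying on it for real Security-log events.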

Caveats:

Event subscribers

Major event subscribers include the Event Collector service and Task Scheduler 2.0. The Event Collector service can automatically forward event logs to other remote systems, running Windows Vista, Windows Server 2008 or Windows Server 2003 R2 on a configurable schedule. Event logs can also be remotely viewed from other computers or multiple event logs can be centrally logged and monitored without an agent and managed from a single computer. Events can also be directly associated with tasks, which run in the redesigned Task Scheduler and trigger automated actions when particular events take place.

References

  1. "New tools for Event Management in Windows Vista". TechNet. Microsoft. November 2006.
  2. Anderson, Nate (October 4, 2012). ""I am calling you from Windows": A tech support scammer dials Ars Technica". Ars Technica.
  3. "AuthzInstallSecurityEventSource Function". MSDN. Microsoft. Retrieved October 5, 2007.
  4. Meyer, Tara (Aquent LLC). "Eventquery.vbs". docs.microsoft.com.
  5. Meyer, Tara (Aquent LLC). "Eventcreate". docs.microsoft.com.
  6. Meyer, Tara (Aquent LLC). "Eventtriggers". docs.microsoft.com.
  7. "Microsoft's Implementation and Limitations of XPath 1.0 in Windows Event Log". MSDN. Microsoft. Retrieved August 7, 2009.
  8. "Powershell script to filter events using an Xpath query". Retrieved September 20, 2011.
