The Event Viewer is, in effect, the operating system's physician. Many "stubborn" clues show up there: a competent system administrator or security maintainer regularly checks the application, security, and system logs for illegal logons, abnormal system shutdowns, program execution errors and similar information, and uses the event properties to determine the source of an error and its solution, so that the operating system and applications keep working normally. This article introduces some basic knowledge of the Event Viewer as a reference for security maintenance personnel.
1. Event Viewer
The Event Viewer is a Microsoft Windows operating system tool, equivalent to a detailed system log: it lets you view information about hardware, software, and system problems and monitor security events in Windows. There are three ways to open it:
(1) Click Start > Settings > Control Panel > Administrative Tools > Event Viewer to open the Event Viewer window.
(2) Type "%SystemRoot%\system32\eventvwr.msc /s" in the Run dialog box to open the Event Viewer window.
(3) Enter "eventvwr" or "eventvwr.msc" in the Run dialog box to open the Event Viewer.
2. Log types recorded in Event Viewer
Three types of logs are recorded in the Event Viewer:
(1) Application log
Contains events recorded by applications or system programs, mainly program run-time events. For example, a database program can record file errors in the application log; the program's developers decide which events to record. If an application crashes, the corresponding record in the application log may help you diagnose the problem.
(2) Security log
Records events such as valid and invalid logon attempts, and resource-use events such as creating, opening, or deleting files or other objects. The system administrator specifies which events are recorded in the security log. By default, security logging is disabled; administrators can enable it through Group Policy, or set an audit policy in the Registry so that the system stops responding when the security log is full.
(3) System log
Records events logged by Windows XP system components, such as a driver or other system component failing to load during startup; by default, Windows writes system events to the system log. If the computer is configured as a domain controller, Directory Service and File Replication Service logs are also present; if it is configured as a Domain Name System (DNS) server, a DNS Server log is recorded as well. The Event Log service (EventLog) starts automatically when Windows starts. All users can view the application and system logs, but only administrators can access the security log.
Five event types are recorded in the Event Viewer. The icon at the left of each entry in the Event Viewer window indicates the type of the event. The Event Viewer displays the following event types:
(1) Error: a significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event is recorded.
(2) Warning: an event that is not necessarily significant but may indicate a future problem. For example, if disk space is low, a Warning event is recorded.
(3) Information: an event that describes the successful operation of an application, driver, or service. For example, if a network driver loads successfully, an Information event is recorded.
(4) Success Audit: an audited security access attempt that succeeded. For example, a user's successful logon to the system is recorded as a Success Audit event.
(5) Failure Audit: an audited security access attempt that failed. For example, if a user tries to access a network drive and fails, the attempt is recorded as a Failure Audit event.
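As an added example (not part of the original article), the routine check described above, expressed as a script: it summarises the three classic logs by the five event types and lists recent Failure Audit entries from the Security log. It assumes Windows PowerShell 5.1 (the Get-EventLog cmdlet is not available in PowerShell 7) and an account permitted to read the Security log.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1
# and a session that can read the Security log (normally an administrator).

# Count the last 24 hours of events in each classic log by entry type
# (Error, Warning, Information, SuccessAudit, FailureAudit).
function Get-LogHealthSummary {
    param([datetime]$Since = (Get-Date).AddDays(-1))

    foreach ($log in 'Application', 'Security', 'System') {
        $events = Get-EventLog -LogName $log -After $Since -ErrorAction SilentlyContinue
        $byType = @{}
        $events | Group-Object EntryType | ForEach-Object { $byType[$_.Name] = $_.Count }

        [pscustomobject]@{
            Log          = $log
            Error        = [int]$byType['Error']
            Warning      = [int]$byType['Warning']
            Information  = [int]$byType['Information']
            SuccessAudit = [int]$byType['SuccessAudit']
            FailureAudit = [int]$byType['FailureAudit']
        }
    }
}

# The most recent failed security access attempts (invalid logons, denied
# object access), which are the entries the article says to check for.
function Get-RecentFailureAudits {
    param([datetime]$Since = (Get-Date).AddDays(-1), [int]$Newest = 20)

    Get-EventLog -LogName Security -EntryType FailureAudit -After $Since -Newest $Newest |
        Select-Object TimeGenerated, EventID, Source,
            @{ Name = 'Message'; Expression = { ($_.Message -replace '\s+', ' ') } }
}

$summary = Get-LogHealthSummary
$summary | Format-Table -AutoSize

# Flag a log whose error or failure-audit volume stands out so it gets a closer look.
foreach ($row in $summary) {
    if ($row.Error -gt 0 -or $row.FailureAudit -gt 0) {
        Write-Warning ("{0}: {1} errors, {2} failure audits in the last day" -f
            $row.Log, $row.Error, $row.FailureAudit)
    }
}

Get-RecentFailureAudits | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt; without rights to the Security log that row shows zeros because the read is silently skipped.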
In the next article, "Event Viewer maintains server security instances", we will explain the operation of the Event Viewer in detail, step by step.