Event Viewer Redirect

Windows 7 +

1. Open the Registry Editor (Click Start, Search, regedit)

2. Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer

Fig. 1 - Registry key used by Event Viewer

3. Double-click on the MicrosoftRedirectionURL registry value and set it to:

http://www.eventid.net/display.asp

If you wish to restore the default value, set it to:

http://go.microsoft.com/fwlink/events.asp

5. Close Registry Editor and restart Event Viewer (if it was running).
When you click the Event Log Online Help link, Event Viewer will go straight to www.eventid.net.

Fig. 2 - Typical event information in Windows 7 Event Viewer

Note: While using this option in Event Viewer, we have noticed that on the first click Event Viewer will ask for permission to send the information over the Internet, regardless of whether it goes to the original Microsoft location or to www.eventid.net. However, this actually cancels the connection to the website. Once you approve the sending of this information, the next click will work fine.

Windows XP
For most events, Event Viewer adds the following sentence at the end:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Fig. 3 - Event properties window

If one clicks on this link, another window will open with information that will be submitted to the site. The main problem is that in 99% of the cases, there is no additional information listed on that web page. The following registry modification will redirect all the requests for http://go.microsoft.com/fwlink/events.asp to http://www.eventid.net/eventviewer.asp. This page will take the event id and the source and redirect the request to the www.eventid.net search engine. For example, for the event shown above, the final page will be http://www.eventid.net/display.asp?eventid=7035&source=Service%20Control%20Manager

To implement this change, download, unzip and import the EventViewerRedirect.zip file. Here is the content of the file:

Windows Registry Editor Version 5.00

; Redirects the Windows Event Viewer to the Event ID site

; Author: Gilles Ronsin
; Web site (in French): http://gilles.ronsin.free.fr/
; Link to the explanations (in French): http://gilles.ronsin.free.fr/#EventId
; Modified by Adrian Grigorof on October 29, 2004

----------------- cut here ------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]
"MicrosoftRedirectionProgramCommandLineParameters"="-url hcp://services/centers/support?topic=%s"
"MicrosoftRedirectionURL!"="http://go.microsoft.com/fwlink/events.asp"
"MicrosoftRedirectionURL"="http://www.eventid.net/eventviewer.asp"
"MicrosoftRedirectionProgram!"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,\
  74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,\
  00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,\
  74,00,72,00,2e,00,65,00,78,00,65,00,00,00
"MicrosoftRedirectionProgram"=-
------------------ cut here ----------------------------------------
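
A read-only check, added here as an example and not part of the original page or of EventViewerRedirect.zip: it parses a .reg export of the Event Viewer key, decodes hex(2) values, and reports which host the online-help link would send the event ID and source to. The function names and the embedded sample (constructed from the file shown above) are assumptions.

```python
import re
from urllib.parse import urlsplit

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer".lower()
DEFAULT_URL = "http://go.microsoft.com/fwlink/events.asp"  # default given on this page

def parse_reg(text):
    """Return {key_lowercased: {value_name: data}}; data is None for '=-' (delete)."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)       # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue                                 # header, comment or blank line
        name, raw = m.groups()
        if raw == "-":
            current[name] = None
        elif raw.startswith("hex(2):"):              # REG_EXPAND_SZ, UTF-16LE bytes
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            current[name] = data.decode("utf-16-le").rstrip("\x00")
        elif raw.startswith('"') and raw.endswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def audit_redirect(text):
    """Report where Event Viewer's online-help link sends the event ID and source."""
    v = parse_reg(text).get(KEY, {})
    url = v.get("MicrosoftRedirectionURL")
    return {"values": v, "host": urlsplit(url).hostname if url else None,
            "is_default": url == DEFAULT_URL}

# Constructed sample: value lines taken from the .reg file shown above.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]
"MicrosoftRedirectionURL!"="http://go.microsoft.com/fwlink/events.asp"
"MicrosoftRedirectionURL"="http://www.eventid.net/eventviewer.asp"
"MicrosoftRedirectionProgram!"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,\
  74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,\
  00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,\
  74,00,72,00,2e,00,65,00,78,00,65,00,00,00
"MicrosoftRedirectionProgram"=-
'''

if __name__ == "__main__":
    print(audit_redirect(SAMPLE))
```

To check a real machine, export the key from Registry Editor and pass the text to `audit_redirect`; regedit writes version 5.00 exports as UTF-16, so open the file with `encoding="utf-16"`.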
