Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

EventID.Net Documents

What is the event source?

By Adrian Grigorof, B.Sc., MCSE

Windows events are not generated by the Windows itself but by individual applications (they may be Windows components). These applications record themselves as the "Source" of the event.

Here is how you can identify the source of the event using Microsoft Event Viewer:

As one can see, the source for this event is NETLOGON.

As a tip, you can see all the sources that recorded themselves as being able to generate events by examining the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

Under this key, there are subkeys for each event log: Application, Security, System (more if you the computer is a domain controller or if some application created its own custom event log). Under the keys for each log are the applications that registered themselves. For example, the NETLOGON source has the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon

As you can see, NETLOGON records its events in the System log. Under this key, you can find the EventMessageFile value that holds the location of the file with the templates for all the events that this source can generate (%SystemRoot%\System32\netmsg.dll for our example). To read the content of this file you need to use Microsoft's Event Log APIs. Here is what this file contains for NETLOGON.

If you are a subscriber, you can download a small utility to read these message files (click here for a screenshot).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...