NT/2000 Event Logs and Event Types

By Adrian Grigorof, B.Sc., MCSE

Windows NT has 3 types of logs:

Application Log - Contains events reported by the applications installed on the Windows NT server. These can be Microsoft or third-party applications.

File: %SystemRoot%\System32\Config\AppEvent.evt

Security Log - Contains all the auditing and security events.

File: %SystemRoot%\System32\Config\SecEvent.evt

System Log - Contains events reported by Windows NT system components (system processes, the kernel, device drivers and services).

File: %SystemRoot%\System32\Config\SysEvent.evt

Windows 2000 servers have up to 3 additional logs: domain controllers (Active Directory) get the Directory Service and File Replication Service logs, and any server with the DNS Server service installed gets the DNS Server log:

Directory Service - Contains events reported by Active Directory

File: %SystemRoot%\System32\Config\NTDS.evt

DNS Server - Contains events reported by Microsoft Windows 2000 DNS Server.

File: %SystemRoot%\System32\Config\DNSEvent.evt

File Replication Service - Contains events reported by the Microsoft File Replication Service (NTFRS), which replicates SYSVOL between domain controllers.

File: %SystemRoot%\System32\Config\NTFrs.evt

Note: Win2K Professional cannot read any of the DNS/FRS/DS logs, unless the Admin pack is installed.

NT/2000 Event logs contain 5 types of events:

Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.

Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.

Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.

Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.

Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.
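The three NT logs and the three Windows 2000 logs above share one on-disk format, and the five event types are stored in each record as a numeric EventType field (Error 0x0001, Warning 0x0002, Information 0x0004, Success Audit 0x0008, Failure Audit 0x0010, the EVENTLOG_* constants from winnt.h). The following is an added example, not code from EventID.Net or from Microsoft: it builds a small constructed .evt image with the documented ELF_LOGFILE_HEADER and EVENTLOGRECORD layouts, then walks it and tallies records by type, the way an offline analyst would triage a copied SecEvent.evt. The sample records, computer name NTSRV1, domain NTDOMAIN and user names are invented; event IDs 528 (successful logon) and 529 (logon failure) are the genuine NT/2000 audit IDs. The walker assumes a file that has not wrapped around (EndOffset after StartOffset) and refuses anything else.

```python
"""Build and walk a classic Windows NT/2000 .evt file, tallying records by event type.
Added example for EventID.Net's log/event-type overview; not code from the original page."""
import struct
from collections import Counter
from datetime import datetime, timezone

# EventType values from winnt.h (EVENTLOG_ERROR_TYPE ... EVENTLOG_AUDIT_FAILURE)
EVENT_TYPES = {0x0001: "Error", 0x0002: "Warning", 0x0004: "Information",
               0x0008: "Success Audit", 0x0010: "Failure Audit"}

LFLE = 0x654C664C                         # "LfLe" signature of the file header and every record
FILE_HEADER = struct.Struct("<12I")       # ELF_LOGFILE_HEADER: 48 bytes
RECORD_HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte head of EVENTLOGRECORD


def build_record(number, when, event_id, event_type, source, computer, strings):
    """Serialize one EVENTLOGRECORD: fixed head, SourceName and Computername (UTF-16LE,
    NUL-terminated), insertion strings, DWORD padding, trailing Length. No SID, no data."""
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    inserts = "".join(s + "\0" for s in strings).encode("utf-16-le")
    string_offset = RECORD_HEADER.size + len(names)   # strings follow the names directly
    data_offset = string_offset + len(inserts)
    pad = (-data_offset) % 4
    length = data_offset + pad + 4
    head = RECORD_HEADER.pack(length, LFLE, number, when, when, event_id, event_type,
                              len(strings), 0, 0, 0, string_offset,
                              0, string_offset, 0, data_offset)
    return head + names + inserts + b"\0" * pad + struct.pack("<I", length)


def build_evt(records):
    """Assemble a minimal, non-wrapped .evt: file header, records, 40-byte ELF_EOF_RECORD."""
    data = b"".join(records)
    start, end = FILE_HEADER.size, FILE_HEADER.size + len(data)
    eof = struct.pack("<10I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      start, end, len(records) + 1, 1, 0x28)
    header = FILE_HEADER.pack(0x30, LFLE, 1, 1, start, end, len(records) + 1, 1,
                              end + len(eof), 0, 0, 0x30)
    return header + data + eof


def parse_evt(blob):
    """Yield one dict per EVENTLOGRECORD, walking from StartOffset to EndOffset."""
    hdr = FILE_HEADER.unpack_from(blob, 0)
    if hdr[0] != 0x30 or hdr[1] != LFLE:
        raise ValueError("not an NT/2000 .evt file (bad ELF_LOGFILE_HEADER)")
    pos, end = hdr[4], hdr[5]                 # StartOffset (oldest record), EndOffset
    if end < pos:
        raise ValueError("log has wrapped around; this walker assumes a linear layout")
    while pos + RECORD_HEADER.size <= end:
        f = RECORD_HEADER.unpack_from(blob, pos)
        length, sig = f[0], f[1]
        if sig != LFLE:                       # 0x11111111... is the EOF record: stop
            break
        if pos + length > len(blob) or struct.unpack_from("<I", blob, pos + length - 4)[0] != length:
            raise ValueError(f"truncated or corrupt record at offset {pos}")
        # Names sit between the fixed head and StringOffset (a SID may follow them, hence replace)
        names = blob[pos + RECORD_HEADER.size:pos + f[11]].decode("utf-16-le", "replace")
        source, computer = names.split("\0")[:2]
        inserts = blob[pos + f[11]:pos + f[15]].decode("utf-16-le", "replace").split("\0")[:f[7]]
        yield {"record": f[2],
               "time": datetime.fromtimestamp(f[3], timezone.utc),  # TimeGenerated is Unix time
               "source": source, "computer": computer,
               "event_id": f[5] & 0xFFFF,    # low word is the ID Event Viewer displays
               "type": EVENT_TYPES.get(f[6], f"Unknown(0x{f[6]:04x})"),
               "strings": inserts}
        pos += length


def summarize(blob):
    """Count records per event type (audit types only ever appear in the Security log)."""
    return Counter(rec["type"] for rec in parse_evt(blob))


def failed_logons(blob):
    """(record number, account name) for each Failure Audit record, first insertion string."""
    return [(r["record"], r["strings"][0] if r["strings"] else "")
            for r in parse_evt(blob) if r["type"] == "Failure Audit"]


# Constructed sample (invented data, not captured from a real machine); 946684800 = 2000-01-01 UTC
SAMPLE_EVT = build_evt([
    build_record(1, 946684800, 528, 0x0008, "Security", "NTSRV1", ["jdoe", "NTDOMAIN", "2"]),
    build_record(2, 946684860, 529, 0x0010, "Security", "NTSRV1", ["jdoe", "NTDOMAIN", "2"]),
    build_record(3, 946684920, 529, 0x0010, "Security", "NTSRV1", ["guest", "NTDOMAIN", "2"]),
    build_record(4, 946684980, 6005, 0x0004, "EventLog", "NTSRV1", []),
])

if __name__ == "__main__":
    for rec in parse_evt(SAMPLE_EVT):
        print(rec["record"], rec["time"], rec["source"], rec["event_id"], rec["type"], rec["strings"])
    print(dict(summarize(SAMPLE_EVT)))
```

Point parse_evt at the bytes of a copied AppEvent.evt, SecEvent.evt or SysEvent.evt to get the same walk over real records; the trailing-Length check catches files truncated mid-copy, which is the usual failure when a live log is grabbed while the service still holds it open.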
