Event Log (System Services for the Windows Server 2003 Family and Windows XP Operating Systems)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Service Name: Eventlog
Executable Name: services.exe
Log On As: LocalSystem
Description: This service logs event messages issued by programs and the Windows operating system. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes events sent by applications, services, and the operating system to log files. The events contain diagnostic information in addition to errors specific to the source application, service, or component. The logs can be viewed programmatically through the Event Log APIs or through the Event Viewer in an MMC (Microsoft Management Console) snap-in.
By default, a computer running Windows 2000 Server, Windows XP and Windows Server 2003, records events in three kinds of logs:
The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. Program developers decide which events to log.
The security log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. For example, if logon auditing is enabled, attempts to log on to the system are recorded in the security log.
The system log contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by the server.
A computer running a Windows Server 2003 family operating system configured as a domain controller records events in two additional logs:
Directory service log
The directory service log contains events logged by the Windows Active Directory service. For example, connection problems between the server and the global catalog are recorded in the directory service log.
File Replication service log
The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur while domain controllers are being updated with information about system volume changes are recorded in the file replication log.
A computer running Windows configured as a Domain Name System (DNS) server records events in an additional log:
DNS server log
The DNS server log contains events logged by the Windows DNS service.
If the event log is disabled, you will be unable to track events, which will significantly reduce the ability to successfully diagnose system problems. In addition security events will not be audited and you will not be able to view previous event logs using the MMC event viewer snap in.
Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.
Installed through: Default operating system installation
Startup type: Automatic
Service status: Started
This service depends on the following system components: None
The following system components depend on this service:
Network News Transfer Protocol (NNTP)
Simple Mail Transfer Protocol (SMTP)
SNMP Trap Service
Windows Internet Name Services (WINS)
Windows Management Instrumentation
IP Port Numbers used: