Windows Events

Windows events and Performance Logs and Alerts are recorded in the EventLog service. The EventLog service starts automatically when you start Windows 2000. All users can view application and system logs, however, only administrators have access to security logs.

By default, security logging is turned off. You can use Group Policy to enable security logging. The system administrator can also set auditing policies in the registry that cause the system to halt when the security log is full.

Event Viewer displays the following types of events:

• Error. A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.

• Warning. An event that is not necessarily significant, but may indicate a possible impending problem. For example, when disk space is low, a warning will be logged.

• Information. An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an information event will be logged.

• Success audit. An audited security access attempt that succeeds. For example, the successful attempt by a user to log on the system will be logged as a success audit event.

• Failure audit. An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a failure audit event.

The following figure shows how the event viewer appears with some of the events and alerts.

All rights reserved.