Event log overview

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Event log overview

By default, a computer running a Windows Server 2003 family operating system records events in three kinds of logs:

Application log

The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. Application developers decide which events to log.

Security log

The security log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. For example, if logon auditing is enabled, attempts to log on to the system are recorded in the security log.

System log

The system log contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by the server.

A computer running a Windows Server 2003 family operating system which is configured as a domain controller records events in two additional logs:

Directory service log

The directory service log contains events logged by the Windows Active Directory service. For example, connection problems between the server and the global catalog are recorded in the directory service log.

File Replication service log

The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur while domain controllers are being updated with information about system volume changes are recorded in the file replication log.

A computer running Windows configured as a Domain Name System (DNS) server records events in an additional log:

DNS server log

The DNS server log contains events logged by the Windows DNS service.

Other types of events and event logs might be available on a computer, depending on what services are installed.

The Event Log service starts automatically when you start Windows.

If you are a member of the Administrators group on the local computer, you can set access permissions on event logs using Group Policy. For more information about security groups, see Default groups. For more information, see Settings for Event Logs.

For more information about viewing events, see Types of events and Interpreting an Event.