
Windows Event Logs

The most damaging blows to an enterprise's security system often come from the inside. The only way to protect your system from malicious insider attacks is by monitoring your Windows server logs and auto-generating alerts in real time. Logs help you troubleshoot, diagnose, and resolve issues, and event logs contain the most important information required for diagnosing application and operating system failures. Basic event log types include:

  • System logs: Track miscellaneous system events like startup, shutdown, hardware failures, and controller failures. 
  • Application logs: The source for application status information.  
  • Security logs: Track events such as logon, logoff, changes to access rights, and system startup and shutdown. 

With Site24x7 you can protect this vulnerable information by effectively analyzing and managing your Windows event logs. You can also troubleshoot and optimize your Windows servers to find the root cause of failures in a single dashboard. Learn more about log management with Site24x7.

Getting started

  1. Log in to your Site24x7 account.
  2. Download and install the Site24x7 Server Monitoring agent (Windows | Linux). 
  3. Go to Admin > AppLogs > Log Profile and Add Log Profile.

Windows event type specification

While creating a log profile, you have to specify which Windows event types should be collected for which logs. By default, event types like application, system, and security are provided. You can also add more or remove event types from log collection.

Log pattern

The following is the default pattern defined by Site24x7 to parse Windows event logs:

$DateTime:date$ $EventId$ $Type$ $Level$ '$Source$' $ComputerName$ $User$ $TaskCategory$ $Message$

Sample log

5/8/2018 11:52:39 PM 1001 Application Information 'Windows Error Reporting' Test-PC - None Windows Update Failure

This log is separated into fields, each of which will take its respective value and will then be uploaded to Site24x7.

Field name     Field value
DateTime       5/8/2018 11:52:39 PM
EventId        1001
Type           Application
Level          Information
Source         Windows Error Reporting
ComputerName   Test-PC
User           -
TaskCategory   None
Message        Windows Update Failure
Note: For Windows Event Logs, when the agent starts or restarts, it collects logs from the past 5 minutes and then collects events from that point onwards.
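As an added example (not Site24x7's own code or the agent's parsing logic), the following Python script splits lines written in the default pattern above into the same fields shown in the table. It is run on the page's sample line and on a constructed System event, and it assumes that Source is the only quoted field, that User and TaskCategory are single tokens ("-" when empty), and that Message absorbs the rest of the line.

```python
import re
from datetime import datetime

# Site24x7's default Windows event log pattern (taken from the page):
#   $DateTime:date$ $EventId$ $Type$ $Level$ '$Source$' $ComputerName$ $User$ $TaskCategory$ $Message$
# Regex assumptions (mine, not Site24x7's): DateTime is "M/D/YYYY H:MM:SS AM|PM",
# Source is single-quoted and may contain spaces, User and TaskCategory are single
# tokens ("-" when empty), and Message takes everything up to the end of the line.
LINE_RE = re.compile(
    r"^(?P<DateTime>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<EventId>\d+) "
    r"(?P<Type>\S+) "
    r"(?P<Level>\S+) "
    r"'(?P<Source>[^']*)' "
    r"(?P<ComputerName>\S+) "
    r"(?P<User>\S+) "
    r"(?P<TaskCategory>\S+) "
    r"(?P<Message>.*)$"
)

FIELD_ORDER = ("DateTime", "EventId", "Type", "Level", "Source",
               "ComputerName", "User", "TaskCategory", "Message")


def parse_event(line):
    """Split one line in the default pattern into its named fields.

    Returns a dict keyed by the pattern's field names, with EventId as an int
    and an extra 'Timestamp' key holding DateTime as a datetime object.
    Returns None when the line does not match the pattern, so callers can
    count or quarantine unparseable lines instead of silently dropping them.
    """
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    fields = m.groupdict()
    fields["EventId"] = int(fields["EventId"])
    fields["Timestamp"] = datetime.strptime(fields["DateTime"], "%m/%d/%Y %I:%M:%S %p")
    return fields


# Constructed sample lines: the first is the page's own sample log, the second
# is a made-up System-log event (unexpected shutdown) written in the same pattern.
SAMPLE_LINES = [
    "5/8/2018 11:52:39 PM 1001 Application Information 'Windows Error Reporting' Test-PC - None Windows Update Failure",
    "5/9/2018 8:01:15 AM 6008 System Error 'EventLog' Test-PC - None The previous system shutdown at 7:58:40 AM on 5/9/2018 was unexpected.",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        event = parse_event(line)
        for name in FIELD_ORDER:
            print(f"{name:<13} {event[name]}")
        print()
```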

Windows event logs dashboard

AppLogs creates an exclusive dashboard for every Log Type, and shows a few widgets by default. Here's a list of the widgets available in the Windows event logs dashboard:

  • Successful Application Installations
  • Failed Application Installations
  • Application Crashes
  • Bad Disk Sector
  • Unexpected Shutdown
  • Logon Stats
  • Logon Type
  • Event Types
  • Task Category
  • Top 50 Event IDs
  • Top Applications
  • Top Applications by Host
  • Restart Required
  • Service Stats
Note: In addition to the default widgets, your saved searches are also added to the dashboard automatically.
