Event Log

Category:

• Application Logs: Events related to the installed applications are stored here.

• Security Logs: Events related to Sessions logon/logoff, RDP successful/failed connections, services installed, tasks created, etc. are stored here.

• System Logs: Events related to hardware states, drivers, etc. are stored here.

• Setup: The setup log contains events that occur during the installation of the Windows operating system. On domain controllers, this log will also record events related to Active Directory.

• Forwarded Events: Contains event logs forwarded from other computers in the same network.

🔐 Location: %SystemRoot%\System32\winevt\

Level:

• Information: This event type means that an operation was successfully completed and a general description of it is recorded.

• Warning: This event type means that there is some kind of minor problem that may cause bigger issues in future events.

• Error: This type of event means that a problem occurred causing a loss of functionality.

• Critical: Indicates a significant issue in an application or a system needing urgent attention.

• Verbose: Indicates progress or success messages for a particular event.

Keyword:

• Audit Success: This event type means that successful security access was attempted.

• Audit Failure: This type of event means that a failed security access was attempted.

Tool:

• Event Viewer

• Wevtuti

• Get-WinEvent

• EvtxECmd

Other logs

• %SystemRoot%\System32\Dns\Dns.log

• %SystemRoot%\System32\dhcp\DhcpSrv.log

---

This knowledge has been compiled from resources provided by LetsDefend.