Quincy Center for Technical Education
Computer Technology Department

Event Viewer overview

Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems and monitor Windows 2000 security events.

Windows 2000 records events in three kinds of logs:

Application log

The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.

System log

The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.

Security log

The security log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.

Event Viewer displays these types of events:

Error

A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.

Warning

An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.

Information

An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.

Success Audit

An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.

Failure Audit

An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.

The Event Log service starts automatically when you start Windows 2000. Application and system logs can be viewed by all users, but security logs are accessible only to administrators.

By default, security logging is turned off. You can use Group Policy to enable security logging. The administrator can also set auditing policies in the registry that cause the system to halt