All Questions
Tagged with logging event-viewer
22 questions
1 vote, 0 answers, 48 views
HyperV VM was stopped - How to find why and when in Windows Server event logs
Recently I keep finding a HyperV VM (the MSSP's vulnerability scanner) that is in the "Stopped" state when it shouldn't be and want to find the cause. I'm a support officer slowly ...
0 votes, 0 answers, 175 views
What are the "setup" Events in Windows Event Viewer Logging?
I'm getting more familiar with the Windows Event Viewer for a recent IT job, and I'm unsure about what "setup" events are being logged in the Windows Event Viewer.
The MS documentation says ...
2 votes, 0 answers, 325 views
Windows AD event to detect new administrator user
I would like to know which event ID can be monitored in order to check if an existing user or a new one becomes an administrator.
I search for 4720 and 4738 event IDs but the information displayed in the ...
-3 votes, 2 answers, 473 views
Have I been hacked?
I recently received my laptop from repair and I just had a hunch that something fishy might have happened so I checked the log files on Windows Event Viewer and it turns out that my laptop has been ...
1 vote, 0 answers, 195 views
Windows EVTX Delete Via RecordId
I am trying to figure out a way to delete only a single entry (identified via EventRecordID, found in the Details > XML View) from a Windows Log file (.evtx extension).
Tried so far via PowerShell, ...
1 vote, 1 answer, 474 views
Audit registry access or modification
I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:
auditpol /set /subcategory:"Registry" /success:enable /...
0 votes, 2 answers, 247 views
How do you capture programs/scripts that run and quickly disappear in Windows 10?
I have noticed that a CMD script seems to randomly run while doing things but cannot seem to capture what or where it's coming from. Is there a way to use some sort of logging app to see what comes ...
1 vote, 1 answer, 1k views
How to log Custom Views in Event Viewer (Windows Server 2012)
I created a Custom View in Event Viewer (Windows Server 2012) that displays events from a specified source (Sugar2SvcNow Log in attached screen shot). I'm trying to save all the events in this ...
1 vote, 0 answers, 67 views
Windows 7 Event Viewer - Save logs in real-time
I recently changed event viewer to save logs to an external drive then restarted my computer.
It's working fine, however, the logs aren't being written in real time.
When I open Event Viewer, it ...
0 votes, 1 answer, 335 views
Does the time change on thin clients to sync up to what application say the time is?
I know this question is not put the best way and I can edit it to read better after I have a better understanding of this. We are using a Windows 10 Enterprise environment that is VMI and VDI based. ...
0 votes, 1 answer, 368 views
Modifying script to capture login/shutdown times in Windows
For some time now I've been using this script to view my login time for a particular computer:
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("C:\Windows\...
1 vote, 1 answer, 314 views
Windows 7 - spontaneous wake from sleep
Irregularly, unattended PC wakes up. A typical 'system' event log sequence is below. Basically, my question is whether anything can be inferred from this. More specifically,
Is the order of ...
3 votes, 2 answers, 13k views
How to get Windows event logs in English though the default language is Spanish?
I want to analyze the Windows event logs that are being generated from Windows machines. The default language for Windows is Spanish so it is generating the logs in Spanish but the tool which i'...
0 votes, 2 answers, 107 views
Where Does One Find Logs of Pentesting Tools on Windows
I'm scanning my Windows 8 machine with Nmap and OpenVAS (from a different machine on my LAN and another one over WAN) and I'm looking for logs for the occurrence of such events in the Event Viewer but ...
0 votes, 2 answers, 4k views
Antivirus logging to Windows Event Viewer [closed]
I'm trying to find antivirus software with centralized management that logs 'everything' to Windows Event Viewer (or a text file). It will run in a server environment. I'm talking about these kinds of ...
1 vote, 1 answer, 4k views
Internet access status, windows 7 event viewer
I have a PC working 24/7 and the internet connection disconnects and reconnects several times in the day, and I would like to know log history of the internet status logged by this PC, is it possible ...
1 vote, 1 answer, 7k views
USB File Transfer Log [duplicate]
I think I have just lost a USB stick. Is there a way to view all the file transfers made from a PC to the external drive, so I can double check everything that was on the drive? Very unlikely, but ...
0 votes, 2 answers, 1k views
How Do I Suppress SQL Server "Informational" Messages?
I've just installed SQL Server 2008 R2 Express for local development, and it's flooding the Application Event Log with a seemingly endless barrage of trivia and drivel ("SQL Server is now ready for ...
1 vote, 1 answer, 2k views
How to trace the X window events being generated on Linux?
I recall in the past having a tool to run on Solaris that would allow me to see what X events are being generated by the keyboard and mouse. What is the application to do this on Linux Centos4?
0 votes, 1 answer, 2k views
SQL Server: Audit permission denied
Is there any easy way to see those events in SQL Server 2008 for which permission was denied on a query (along with the text of the query and the specific object that permission was denied to)?
I ...
2 votes, 1 answer, 652 views
What's the most reliable way to log startup/shutdown times on a Vista PC?
A similar question titled How do I log startup and shut-down times in Windows 7? mentioned that PC startup and shutdown times can be recorded in the event viewer.
Events logged in the viewer are ...
16 votes, 4 answers, 108k views
How can I use Event Viewer to confirm login times filtered by User?
I'm required to log my start and finish times at work. Occasionally I forget to do this and had a bright idea that checking the Security events log would allow me to retrospectively ascertain my times....