All Questions

4 votes
1 answer
2k views

Event viewer showing 'logon' events, even when I'm currently using that PC

I am trying to see logon events (entering password to access PC). However, I see many logon events in the past 1hr, even though I was using PC in the past 1hr without logging in/out. Why is Event Viewer ...
1 vote
1 answer
4k views

Internet access status, windows 7 event viewer

I have a PC working 24/7 and the internet connection disconnects and reconnects several times in the day, and I would like to know log history of the internet status logged by this PC, is it possible ...
1 vote
0 answers
48 views

HyperV VM was stopped - How to find why and when in Windows Server event logs

Recently I keep finding a HyperV VM (the MSSP's vulnerability scanner) that is in the "Stopped" state when it shouldn't be and want to find the cause. I'm a support officer slowly ...
0 votes
0 answers
178 views

What are the "setup" Events in Windows Event Viewer Logging?

I'm getting more familiar with the Windows Event Viewer for a recent IT job, and I'm unsure about what "setup" events are being logged in the Windows Event Viewer. The MS documentation says ...
2 votes
0 answers
347 views

Windows AD event to detect new administrator user

I would like to know which event ID can be monitored in order to check if an existing user or a new one becomes administrator. I search for 4720 and 4738 event IDs but the information displayed in the ...
-3 votes
2 answers
480 views

Have I been hacked?

I recently received my laptop from repair and I just had a hunch that something fishy might have happened so I checked the log files on Windows Event Viewer and it turns out that my laptop has been ...
1 vote
1 answer
487 views

Audit registry access or modification

I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows: auditpol /set /subcategory:"Registry" /success:enable /...
1 vote
0 answers
195 views

Windows EVTX Delete Via RecordId

I am trying to figure out a way to delete only a single entry (identified via EventRecordID, found in the Details > XML View) from a Windows Log file (.evtx extension). Tried so far via PowerShell, ...
0 votes
2 answers
249 views

How do you capture programs/scripts that run and quickly disappear in Windows 10?

I have noticed that a CMD script seems to randomly run while doing things but cannot seem to capture what or where it's coming from. Is there a way to use some sort of logging app to see what comes ...
1 vote
1 answer
1k views

How to log Custom Views in Event Viewer (Windows Server 2012)

I created a Custom View in Event Viewer (Windows Server 2012) that displays events from a specified source (Sugar2SvcNow Log in attached screen shot). I'm trying to save all the events in this ...
1 vote
0 answers
67 views

Windows 7 Event Viewer - Save logs in real-time

I recently changed event viewer to save logs to an external drive then restarted my computer. It's working fine, however, the logs aren't being written in real time. When I open Event Viewer, it ...
0 votes
1 answer
339 views

Does the time change on thin clients to sync up to what application say the time is?

I know this question is not put the best way and I can edit it to read better after I have a better understanding of this. We are using a Windows 10 Enterprise environment that is VMI and VDI based. ...
16 votes
4 answers
108k views

How can I use Event Viewer to confirm login times filtered by User?

I'm required to log my start and finish times at work. Occasionally I forget to do this and had a bright idea that checking the Security events log would allow me to retrospectively ascertain my times....
1 vote
1 answer
314 views

Windows 7 - spontaneous wake from sleep

Irregularly, unattended PC wakes up. A typical 'system' event log sequence is below Basically, my question is whether anything can be inferred from this. More specifically, Is the order of ...
0 votes
2 answers
1k views

How Do I Suppress SQL Server "Informational" Messages?

I've just installed SQL Server 2008 R2 Express for local development, and it's flooding the Application Event Log with a seemingly endless barrage of trivia and drivel ("SQL Server is now ready for ...
