All Questions
Tagged with event-viewer logging
22 questions
1 vote, 0 answers, 48 views
HyperV VM was stopped - How to find why and when in Windows Server event logs
Recently I keep finding a HyperV VM (the MSSP's vulnerability scanner) that is in the "Stopped" state when it shouldn't be and want to find the cause. I'm a support officer slowly ...
0 votes, 0 answers, 175 views
What are the "setup" Events in Windows Event Viewer Logging?
I'm getting more familiar with the Windows Event Viewer for a recent IT job, and I'm unsure about what "setup" events are being logged in the Windows Event Viewer.
The MS documentation says ...
2 votes, 0 answers, 325 views
Windows AD event to detect new administrator user
I would like to know which event ID can be monitored in order to check if an existing user or a new one becomes administrator.
I search for 4720 and 4738 event IDs but the information displayed in the ...
-3 votes, 2 answers, 473 views
Have I been hacked?
I recently received my laptop from repair and I just had a hunch that something fishy might have happened so I checked the log files on Windows Event Viewer and it turns out that my laptop has been ...
1 vote, 0 answers, 195 views
Windows EVTX Delete Via RecordId
I am trying to figure out a way to delete only a single entry (identified via EventRecordID, found in the Details > XML View) from a Windows Log file (.evtx extension).
Tried so far via PowerShell, ...
1 vote, 1 answer, 474 views
Audit registry access or modification
I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:
auditpol /set /subcategory:"Registry" /success:enable /...
0 votes, 2 answers, 247 views
How do you capture programs/scripts that run and quickly disappear in Windows 10?
I have noticed that a CMD script seems to randomly run while doing things but cannot seem to capture what or where it's coming from. Is there a way to use some sort of logging app to see what comes ...
1 vote, 1 answer, 1k views
How to log Custom Views in Event Viewer (Windows Server 2012)
I created a Custom View in Event Viewer (Windows Server 2012) that displays events from a specified source (Sugar2SvcNow Log in attached screen shot). I'm trying to save all the events in this ...
1 vote, 0 answers, 67 views
Windows 7 Event Viewer - Save logs in real-time
I recently changed event viewer to save logs to an external drive then restarted my computer.
It's working fine, however, the logs aren't being written in real time.
When I open Event Viewer, it ...
0 votes, 1 answer, 335 views
Does the time change on thin clients to sync up to what application say the time is?
I know this question is not put the best way and I can edit it to read better after I have a better understanding of this. We are using a Windows 10 Enterprise environment that is VMI and VDI based. ...
0 votes, 1 answer, 368 views
Modifying script to capture login/shutdown times in Windows
For some time now I've been using this script to view my login time for a particular computer:
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("C:\Windows\...
1 vote, 1 answer, 314 views
Windows 7 - spontaneous wake from sleep
Irregularly, unattended PC wakes up. A typical 'system' event log sequence is below. Basically, my question is whether anything can be inferred from this. More specifically,
Is the order of ...
3 votes, 2 answers, 13k views
How to get Windows event logs in English though the default language is Spanish?
I want to analyze the Windows event logs that are being generated from Windows machines. The default language for Windows is Spanish so it is generating the logs in Spanish but the tool which i'...
0 votes, 2 answers, 107 views
Where Does One Find Logs of Pentesting Tools on Windows
I'm scanning my Windows 8 machine with Nmap and OpenVAS (from a different machine on my LAN and another one over WAN) and I'm looking for logs for the occurrence of such events in the Event Viewer but ...
0 votes, 2 answers, 4k views
Antivirus logging to Windows Event Viewer [closed]
I'm trying to find antivirus software with centralized management that logs 'everything' to Windows Event Viewer (or a text file). It will run in a server environment. I'm talking about these kinds of ...