Secure Your Network for Free: Using Nmap, Wireshark, Snort, Nessus, and Mrtg

Event logs provide valuable insight into what is happening on a system. The scope of a typical event log is very different from the output of an IDS (intrusion detection system), because event logs are generally tailored to a specific system or application, whereas an IDS reports on whatever traffic or activity matches its signatures. With the right utilities you can even create event log entries for custom applications or batch files/scripts. For example, if you have a batch file that deletes old temp files on a server, you could have it send a message to the syslog server whenever errors occur during the delete process.

When talking about free event logging (free software to generate the logs and free software to receive the logs), there are basically two formats you are likely to encounter and work with extensively. In the UNIX world there is syslog, which is the de facto standard for centralized logging. On the other hand, there are the Microsoft proprietary event logs, which are used only by Microsoft systems. Because Windows does not natively support syslog, we will discuss what you can do to make the best use of the Windows event logs. In addition to configuring and generating the logs, we will show you how to analyze them and create notifications for significant events.
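The cleanup-script scenario above, carried through as an added example (this is not code from the book): a routine deletes temp files older than a cutoff and, only when a delete fails, emits an RFC 3164 syslog line (`<PRI>TIMESTAMP HOSTNAME TAG: MSG`, where PRI is facility * 8 + severity) to the collector over UDP port 514. The server name `syslog.example.internal`, the tag `tempclean`, and the host name `fileserver01` are assumptions chosen for illustration; the scratch directory the demo works on is constructed at run time.

```python
# Added example: a temp-file cleanup job that reports delete failures to a
# central syslog server. SYSLOG_HOST and the "tempclean" tag are assumptions.
import os
import socket
import tempfile
import time
from datetime import datetime

SYSLOG_HOST = "syslog.example.internal"  # assumed collector name
SYSLOG_PORT = 514                         # standard UDP syslog port

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def syslog_pri(facility, severity):
    """Priority value carried in the <PRI> prefix of an RFC 3164 message."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def format_syslog(facility, severity, hostname, tag, message, when=None):
    """Build one RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG.

    The day of month is space-padded ("Jan  5"), as the RFC requires.
    """
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{syslog_pri(facility, severity)}>{stamp} {hostname} {tag}: {message}"


def send_syslog(line, host=SYSLOG_HOST, port=SYSLOG_PORT):
    """Ship a formatted line over UDP; RFC 3164 caps a packet at 1024 bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8", "replace")[:1024], (host, port))


def delete_old_temp_files(directory, max_age_days, now=None):
    """Remove regular files older than max_age_days. Returns (deleted, errors)."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    deleted, errors = [], []
    try:
        names = os.listdir(directory)
    except OSError as exc:
        # Unreadable or missing directory: report it rather than silently doing nothing
        return deleted, [f"{directory}: {exc.strerror}"]
    for name in names:
        path = os.path.join(directory, name)
        try:
            if os.path.isfile(path) and os.path.getmtime(path) < cutoff:
                os.remove(path)
                deleted.append(name)
        except OSError as exc:
            errors.append(f"{name}: {exc.strerror}")
    return deleted, errors


def report_errors(errors, send=send_syslog, hostname=None):
    """Emit one syslog line per failure; stays silent when nothing went wrong."""
    hostname = hostname or socket.gethostname()
    lines = [format_syslog("local0", "err", hostname, "tempclean",
                           f"delete failed: {err}") for err in errors]
    for line in lines:
        send(line)
    return lines


def demo():
    """Self-contained run on a constructed scratch directory; collects lines
    in a list instead of sending them, so it works offline."""
    captured = []
    with tempfile.TemporaryDirectory() as scratch:
        old = os.path.join(scratch, "old.tmp")
        fresh = os.path.join(scratch, "fresh.tmp")
        for path in (old, fresh):
            with open(path, "w") as fh:
                fh.write("x")
        ten_days_ago = time.time() - 10 * 86400
        os.utime(old, (ten_days_ago, ten_days_ago))  # back-date one file
        deleted, errors = delete_old_temp_files(scratch, max_age_days=7)
    # The scratch directory is gone now, so this second pass exercises the
    # error path the paragraph describes.
    _, more_errors = delete_old_temp_files(os.path.join(scratch, "gone"), 7)
    sent = report_errors(errors + more_errors, send=captured.append,
                         hostname="fileserver01")
    return deleted, errors, sent


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

Only failures generate traffic, so a quiet collector means the job ran cleanly; the `local0` facility and fixed tag let the syslog server route or alert on these lines separately from system messages. Classic UDP syslog is unauthenticated and unacknowledged, so a dropped packet is lost silently; where that matters, the collector should also be watched for the absence of an expected periodic "run completed" message.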
Windows event logs are broken up into six major categories: Application, Security, and System; and, on domain controllers, Directory Service, DNS Server, and File Replication Service. You can view...