- Error: Significant problem, such as data loss.
- Warning: Potentially serious problem, but not necessarily. Something requiring further investigation.
- Information: More for debugging purposes.
- Success Audit: Successful security event. Could be malicious.
- Failure Audit: Opposite of above. Could be benign.
Application Logs
- Pretty self-explanatory.
- Not all applications choose to log via the Event Viewer
  - This should be checked before assuming
- Often applications create their own logs
- Contains records of:
  - Valid and invalid logon attempts
  - Events related to resource usage:
    - Creating files or objects
    - Opening files or objects
    - Deleting files or objects
- The Local Security Policy will allow you to obtain more information about what can be logged
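The notes above say a Success Audit could be malicious and a Failure Audit could be benign; the following added example (not part of the original notes) shows why, by summarizing logon audit records per account and flagging a success that follows a run of failures. The function names, the threshold of 3 and the sample records are assumptions made for illustration; 4624 and 4625 are the standard Security-log event IDs for successful and failed logons.

```powershell
# Added example; sample records are constructed. 4624 = successful logon,
# 4625 = failed logon (standard Security-log event IDs).

function ConvertTo-LogonRecord {
    # Flatten a Get-WinEvent Security event into Time / Id / Account.
    param([Parameter(ValueFromPipeline)] $LogEvent)
    process {
        $data = @{}
        foreach ($d in ([xml]$LogEvent.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time    = $LogEvent.TimeCreated
            Id      = $LogEvent.Id
            Account = $data['TargetUserName']
        }
    }
}

function Get-LogonAuditSummary {
    # Hypothetical helper: per-account counts plus a flag for a success
    # that follows at least $FailureThreshold failures.
    param([Parameter(Mandatory)] [object[]] $Record, [int] $FailureThreshold = 3)
    $Record | Group-Object Account | ForEach-Object {
        $failed   = @($_.Group | Where-Object Id -eq 4625)
        $ok       = @($_.Group | Where-Object Id -eq 4624)
        $lastFail = ($failed | Sort-Object Time | Select-Object -Last 1).Time
        [pscustomobject]@{
            Account              = $_.Name
            Failures             = $failed.Count
            Successes            = $ok.Count
            SuccessAfterFailures = ($failed.Count -ge $FailureThreshold) -and
                [bool]($ok | Where-Object { $_.Time -gt $lastFail })
        }
    }
}

# Constructed sample: alice mistypes once, svc-backup fails 4 times then succeeds.
$t0 = Get-Date '2024-01-01T09:00:00'
$sample = @(
    [pscustomobject]@{ Time = $t0;                Id = 4625; Account = 'alice' }
    [pscustomobject]@{ Time = $t0.AddSeconds(20); Id = 4624; Account = 'alice' }
) + (1..4 | ForEach-Object {
    [pscustomobject]@{ Time = $t0.AddMinutes($_); Id = 4625; Account = 'svc-backup' }
}) + [pscustomobject]@{ Time = $t0.AddMinutes(5); Id = 4624; Account = 'svc-backup' }
Get-LogonAuditSummary -Record $sample | Format-Table -AutoSize

# Live use, from an elevated prompt:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 } -MaxEvents 500 |
#     ConvertTo-LogonRecord
```

On the constructed sample, alice's single failure followed by a success is not flagged, while svc-backup's success after four failures is.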
Other Built-In Logs
- System: Drivers and hardware, if they follow the Windows API, generate events that get logged in this category
- Setup: Windows Update logs here, as does everything that happens during installation.
- Depending on the machine, could also have domain controller or DNS logs, etc.