Windows NT Event Logs

If you aren't familiar with Windows NT's event logs, take a quicklook at NT's built-in Event Log viewer. You can run Event Viewer on NT 4.0 fromthe Start menu by selecting the Program option and then the Administrative Tools(Common) option. The Event Viewer option on the Administrative Tools submenustarts NT's Event Viewer. Screen A shows a sample system Event Log through EventViewer.

Event Viewer lets you view the NT Event Log for either a local or remote NTsystem. In Screen A, you can see each event. A color signals its priority:Yellow is for a warning event, blue signals an informational event, and redsignifies a warning event. Event Viewer also shows the date and time the eventwas generated and the event ID, the user, and the computer on which the eventwas generated.

The three types of NT event logs are:

* System log, which tracks miscellaneous system events (forinstance, the system log tracks events during system startup and hardware andcontroller failures)

* Application log, which tracks application-related events (forinstance, some applications generate informational messages that appear asentries in the Application Event Log; application errors such as failing to loada DLL can also appear in the application log)

* Security log, which tracks events such as logon, logoff, changesto access rights, and system startup and shutdown. However, by default, thesecurity log is turned off. To track security events with Network SecurityMonitor, you must start NT event logging on the target remote systems. To enableNT security logging, you must sign on with a user ID that has administrationrights. Then from the Start Menu, choose Program and then Administrative Tools(Common). From the Administrative Tools submenu, choose User Manager, whichdisplays the User Manager window. Select Audit from User Manager's Policies menuto display the audit dialog