
18-15

Lesson 2

Using Event Viewer

Event ID The Event ID number associated with the event. Microsoft keeps track of Event IDs and often makes solutions to problems available in the Microsoft Knowledge Base. To find out more about an event, use the Event ID as a keyword search in the Knowledge Base.

Description A description of the event. The description often includes information on other services affected by the event and a link for finding out more information.

How to Locate Events In a Log

When you first start Event Viewer, it automatically displays all events that are recorded in the selected log. Because many events occur on a computer running Windows XP Professional, the number of events displayed can make it difficult to find the events you are looking for. To change what appears in the log, you can locate selected events by using the Filter command. You can also search for specific events by using the Find command.

To filter or find events, start Event Viewer, and then on the View menu, click Filter or click Find. The options provided by Filter and Find are almost identical. Figure 18-9 shows the options available on the Filter tab.


Figure 18-9 You can apply a filter to make it easier to locate certain types of events.

Table 18-2 describes the options for using the Filter tab to filter events and the Find command to find events.

Table 18-2 Options for Filtering and Finding Events

Option            Description
Event Types       The types of events to view
Event Source      The software or component driver that logged the event
Category          The type of event, such as a logon or logoff attempt or a system event
Event ID          An event number to identify the event. This number helps product support representatives track events.
User              A user logon name
Computer          A computer name
From And To       The date ranges for which to view events (Filter dialog box only)
Restore Defaults  Clears any changes in this tab and restores all defaults
Description       The text that is in the description of the event (Find dialog box only)
Search Direction  The direction (up or down) in which to search the log (Find dialog box only)
Find Next         Finds and displays the next occurrence defined by the Find Settings (Find dialog box only)

Logging Options

You can configure the properties of each individual log. To configure the settings for logs, right-click the log in Event Viewer, and then click Properties to display the Properties dialog box for the log.

Use the Properties dialog box for each type of audit log to control the following:

The maximum size of each log, which can be from 64 KB to 4,194,240 KB (4 GB). The default size is 512 KB.

The action that Windows XP Professional takes when the log fills up. To control this action, click one of the options described in Table 18-3.

Table 18-3 Options for Handling Full Audit Log Files

Overwrite Events As Needed          You might lose information if the log becomes full before you archive it. However, this setting requires no maintenance.
Overwrite Events Older Than X Days  it, but Windows XP Professional will lose only information that is at least x days old. Enter the number of days for this option. The default is seven days.
Do Not Overwrite Events             This option requires you to clear the log manually. When the log becomes full, Windows XP Professional will stop, but no security log entries will be overwritten.
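
The size and overflow settings described above can also be reviewed from the command line. The following is an added example, not part of the original lesson: it assumes Windows PowerShell 2.0 or later (where the Get-EventLog and Limit-EventLog cmdlets exist) and an elevated session. The function name Get-LogRetentionReport and the 20480 KB size are constructed for illustration.

```powershell
# Added example: report the maximum size and full-log action of every event log,
# using the same three choices that Table 18-3 describes.
# Get-LogRetentionReport is a hypothetical helper name, not a built-in cmdlet.

function Get-LogRetentionReport {
    # Get-EventLog -List returns one System.Diagnostics.EventLog object per log.
    Get-EventLog -List | ForEach-Object {
        $log = $_   # keep a reference; inside switch, $_ is the switch value

        $finding = switch ([string]$log.OverflowAction) {
            'OverwriteAsNeeded' { 'Events can be lost if the log fills before it is archived' }
            'OverwriteOlder'    { "Only events at least $($log.MinimumRetentionDays) days old are overwritten" }
            'DoNotOverwrite'    { 'Log must be cleared manually; nothing is overwritten when full' }
            default             { 'Unknown overflow action' }
        }

        New-Object PSObject -Property @{
            Log            = $log.Log
            MaxSizeKB      = $log.MaximumKilobytes
            DefaultSize    = ($log.MaximumKilobytes -eq 512)   # 512 KB is the default
            OverflowAction = $log.OverflowAction
            RetentionDays  = $log.MinimumRetentionDays
            Finding        = $finding
        }
    }
}

# Show the report; columns are named explicitly because hashtable order is not kept.
Get-LogRetentionReport |
    Sort-Object Log |
    Format-Table Log, MaxSizeKB, DefaultSize, OverflowAction, RetentionDays, Finding -AutoSize

# Equivalent of choosing "Overwrite Events Older Than 7 Days" with a larger log.
# The size must be between 64 KB and 4 GB and divisible by 64 KB.
# 20480KB is a constructed sample value; -WhatIf previews without changing anything.
Limit-EventLog -LogName Security -MaximumSize 20480KB `
    -OverflowAction OverwriteOlder -RetentionDays 7 -WhatIf
```

Remove -WhatIf to apply the change after reviewing the preview.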