
Windows Event Log

Event Viewer Log
A component of Microsoft Windows
[Screenshot: Event Viewer in Windows XP]
Details
Type: Utility software
Included with: Windows NT and all its successors
Service name: Windows Event log (eventlog)
Description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata.

Event Viewer is a component of Microsoft's Windows NT line of operating systems that lets administrators and users view the event logs on a local or remote machine. In Windows Vista, Microsoft overhauled the event system.

Due to the event viewer's routine reporting of minor start-up and processing errors (which do not in fact harm or damage the computer), the software is frequently used by technical support scammers to convince users unfamiliar with Event Viewer that their computer contains critical errors requiring immediate technical support. An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.
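A large count of errors and warnings usually comes from a few recurring sources, and grouping the entries by source and event ID makes that visible. The PowerShell below is an added example, not part of the original article; the function name Get-EventSummary and the sample provider names are hypothetical, and the sample records are constructed.

```powershell
# Added example: summarize Critical/Error/Warning events by source and event ID.
# Accepts any objects exposing ProviderName, Id and Level, as Get-WinEvent records do.
function Get-EventSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject
    )
    begin { $kept = [System.Collections.Generic.List[object]]::new() }
    process {
        # Level values: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
        if ($InputObject.Level -in 1, 2, 3) { $kept.Add($InputObject) }
    }
    end {
        $total = $kept.Count
        $kept | Group-Object ProviderName, Id |
            Sort-Object Count -Descending |
            ForEach-Object {
                [pscustomobject]@{
                    Provider = $_.Group[0].ProviderName
                    EventId  = $_.Group[0].Id
                    Count    = $_.Count
                    Share    = '{0:P0}' -f ($_.Count / $total)
                }
            }
    }
}

# Constructed sample records (hypothetical providers and IDs) standing in for
# a month of log entries; the Information-level entries are filtered out.
$sample = @(
    1..600 | ForEach-Object { [pscustomobject]@{ ProviderName = 'ExampleServiceA'; Id = 1001; Level = 3 } }
    1..350 | ForEach-Object { [pscustomobject]@{ ProviderName = 'ExampleDriverB';  Id = 2002; Level = 2 } }
    1..45  | ForEach-Object { [pscustomobject]@{ ProviderName = 'ExampleAppC';     Id = 3003; Level = 2 } }
    1..5   | ForEach-Object { [pscustomobject]@{ ProviderName = 'ExampleAppC';     Id = 3004; Level = 1 } }
    1..200 | ForEach-Object { [pscustomobject]@{ ProviderName = 'ExampleServiceA'; Id = 1000; Level = 4 } }
)
$sample | Get-EventSummary | Format-Table -AutoSize

# Against live logs (here the Application and System logs, last 30 days):
# Get-WinEvent -FilterHashtable @{
#     LogName = 'Application', 'System'; Level = 1, 2, 3
#     StartTime = (Get-Date).AddDays(-30)
# } | Get-EventSummary | Select-Object -First 10
```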

Windows NT has featured event logs since its release in 1993. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action.

The Event Viewer uses event IDs to define the uniquely identifiable events that a Windows computer can encounter. For example, when a user's authentication fails, the system may generate Event ID 672.

Windows NT 4.0 added support for defining "event sources" (i.e. the application which created the event) and performing backups of logs.

Windows 2000 added the capability for applications to create their own log sources in addition to the three system-defined "System", "Application", and "Security" log-files. Windows 2000 also replaced NT4's Event Viewer with a Microsoft Management Console (MMC) snap-in.

Windows Server 2003 added the AuthzInstallSecurityEventSource() API call so that applications could register with the security-event logs and write security-audit entries.

In versions of Windows based on the Windows NT 6.0 kernel (Windows Vista and Windows Server 2008), event logs no longer have a 300-megabyte limit on their total size. Prior to NT 6.0, the system opened the on-disk log files as memory-mapped files in kernel memory space, which used the same memory pools as other kernel components.


...
Wikipedia

...