Description:

This service tracks events and logs them, which makes it easier to diagnose cause of problems:

• System log: Contains events from the Windows Operating System, usually a good place to look for a reason when a the system is acting funny
• Security log: Contains events from the Audit watches, usually good place to see if someone is attacking your machine
• Application log: Contains events from application, usually good place to see 3rd party application events (Though Windows also uses this log)
• Directory service log (Win2k3): Contains events from the Windows Active Directory Service
• File Replication service log (Win2k3): Contains events from the Windows File Replication service
• DNS server log (Win2k3): Contains events from the DNS Server Service

The Event Viewer can be used to view the different logs. Start it through the Control Panel -> Administrative Tools -> Event Viewer.

Note one can change the location of the log-file for each eventlog:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Eventlog \LogName]
File = "C:\Foo\LogName.Evt"

Related Restrict guest access to event logs

More Info EventId.net
More Info Events and Errors Message Center
More Info MS KB172156
More Info MS KB302542
More Info MS KB308427
More Info MS KB315410

Recommended State:

• Automatic

Default State:

• Automatic

Process Name:

• services.exe (Eventlog)
• Vista/Win7: svchost.exe -k LocalServiceNetworkRestricted (Eventlog)

Supports:

• File Replication (Win2k/Win2k3 name)
• Directory Replicator (WinNT4 name)
• Task Scheduler (Vista+)
• Windows Event Collector (Win7+)
• Windows Management Instrumentation (WinXP/2k3 only)

Depends:

• none