What is plainly Windows log files

[Osman84]

Log file is Windows System In a rather special document which records the Windows system, what happened, such as various System Services Startup, operation and closure of such information. Windows logs including applications, security, systems, parts, and its store path is "% systemroot% system32config", the application log, security log and system log file name corresponding AppEvent.evt, SecEvent.evt and SysEvent. evt. These documents are "Event Log (Event Log)" services, protection cannot be deleted, but can be empty. This is the basic information related to the window log files but I need more information related to this topic.

[Techguru01]

In the Windows system, view the log file is very simple. Click "Start → Settings → Control Panel → Administrative Tools →Event Viewer"In the Event Viewer window are listed in the left column contains the log of this machine type, such as applications, security, systems. See a log record is also very simple, in the left column to select a particular type of log, such as application program, and then in the right-hand column are listed in the log of all records of this type, double-click one of these records, pop-up "event Properties" dialog box, showing details of the record, so that we can accurately grasp the system took place in the end what was going on would not affect the normal operation of Windows, if there are problems, real-time search for exclusion.

[johnson22]

Windows log file default path is "% systemroot% system32config", we can modify theRegistryTo change its storage directory, to enhance the protection of the log.
Click "Start → Run" in the dialog box, enter "Regedit", carriage return after the pop-up the Registry Editor, expand "HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Services / Eventlog", the following Application, Security, System several sub-items correspond to the application log, security log, system log.
Writer in the Application log, for example, be transferred to "d: \ cce" directory. Select the Application subkey, in the right column to find File button, the key for the application log file path "% SystemRoot% system32configAppEvent.Evt", it was revised to "d: cceAppEvent.Evt". Then, in D drive the new "CCE" directory will be "AppEvent.Evt" copy to the directory, restart the system to complete the application log file store directory changes. Other types of log file path to modify the same way, but under a different sub-operations.

[Jackson2]

Modify the log file storage directory, the log can still be empty, and the following log file by modifying the access permissions to prevent this to happen, the assumption that Windows system to be used NTFS file system format.

Right-click the D drive of the CCE directory, select "Properties", switch to the "Security" tab page, first place, remove the "Allow inheritable permissions from parent to propagate to this object" option checked. Then, in the list box, select the account "Everyone" account, only to give it "read" permission; and then click "Add" button to "System" account to the account list box, except to give "full control" and "modify the "other than all the permissions and finally click" OK "button. So that when users get rid of Windows log, it will pop up an error dialog.

[Techno01]

In Windows systems, we can use the Event Viewer System Log Viewer to open the computer, shut down records; this is becauseLog ServiceAlong with the computer will start on or off, and the record in the log. Here we would like to introduce two events ID "6006 and 6005." 6005 indicated that the event log service has started, if found in Event Viewer on a particular day of the event ID number for the 6005 event, it shows on this day started normal Windows. 6006 indicated that the event log service has stopped, if not found in the Event Viewer on a particular day of the event ID number for the 6006 event, it means that the computer does not shut down properly on this day, probably because the system or simply cut off the power supply lead to the reasons for not running properly the shutdown operation.

[Trio]

In the larger network, usually used DHCP Server Configure the client IP address information, if the client cannot find the DHCP server, it will automatically use an internal client IP address configuration, and generate a Windows event log ID number is 1007 events. If the user logs revealed that the number incident, stating that the machine cannot obtain information from a DHCP server, we should see is the machine issues a network failure or a DHCP server.