If you aren't familiar with Windows NT's event logs, take a quick
look at NT's built-in Event Log viewer. You can run Event Viewer on NT 4.0 from
the Start menu by selecting the Program option and then the Administrative Tools
(Common) option. The Event Viewer option on the Administrative Tools submenu
starts NT's Event Viewer. Screen A shows a sample system Event Log through Event
Viewer.
Event Viewer lets you view the NT Event Log for either a local or remote NT
system. In Screen A, you can see each event. A color signals its priority:
Yellow is for a warning event, blue signals an informational event, and red
signifies a warning event. Event Viewer also shows the date and time the event
was generated, the event ID, the user, and the computer on which the event
was generated.
The three types of NT event logs are:
* System log, which tracks miscellaneous system events (for
instance, the system log tracks events during system startup and hardware and
controller failures)
* Application log, which tracks application-related events (for
instance, some applications generate informational messages that appear as
entries in the Application Event Log; application errors such as failing to load
a DLL can also appear in the application log)
* Security log, which tracks events such as logon, logoff, changes
to access rights, and system startup and shutdown

However, by default, the security log is turned off. To track security
events with Network Security Monitor, you must start NT event logging on the
target remote systems. To enable NT security logging, you must sign on with a
user ID that has administrative rights. Then from the Start menu, choose
Program and then Administrative Tools (Common). From the Administrative Tools
submenu, choose User Manager, which displays the User Manager window. Select
Audit from User Manager's Policies menu
to display the audit dialog