If you aren't familiar with Windows NT's event logs, take a quick look at NT's built-in Event Log viewer. You can run Event Viewer on NT 4.0 from the Start menu by selecting the Program option and then the Administrative Tools (Common) option. The Event Viewer option on the Administrative Tools submenu starts NT's Event Viewer. Screen A shows a sample system Event Log through Event Viewer.

Event Viewer lets you view the NT Event Log for either a local or remote NT system. In Screen A, you can see each event. A color signals its priority: yellow is for a warning event, blue signals an informational event, and red signifies an error event. Event Viewer also shows the date and time the event was generated, the event ID, the user, and the computer on which the event was generated.
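The columns Event Viewer displays are fields of a fixed-layout record stored in the log. As an added example (not code from the original article), the following Python decodes one record using the Win32 EVENTLOGRECORD layout and checks its integrity markers before trusting it; the sample record, including the user, domain, and computer names, is constructed for illustration.

```python
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<6I4H6I")   # fixed 56-byte part of EVENTLOGRECORD
SIGNATURE = 0x654C664C              # "LfLe" marker stored in every record
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information",
               8: "Success Audit", 16: "Failure Audit"}

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_record(buf):
    """Decode one record into the columns Event Viewer displays."""
    if len(buf) < HEADER.size + 4:
        raise ValueError("truncated record")
    (length, sig, recno, generated, _written, event_id, etype, nstrings,
     _cat, _flags, _closing, str_off, *_rest) = HEADER.unpack_from(buf)
    if sig != SIGNATURE or not HEADER.size + 4 <= length <= len(buf):
        raise ValueError("not an event log record")
    rec = buf[:length]
    if struct.unpack_from("<I", rec, length - 4)[0] != length:
        raise ValueError("leading and trailing length fields disagree")
    source, pos = _wstr(rec, HEADER.size)
    computer, _ = _wstr(rec, pos)
    strings, pos = [], str_off
    for _ in range(nstrings):
        text, pos = _wstr(rec, pos)
        strings.append(text)
    return {"record": recno, "type": EVENT_TYPES.get(etype, f"Unknown({etype})"),
            "time": datetime.fromtimestamp(generated, timezone.utc),
            "event_id": event_id & 0xFFFF,  # low 16 bits are the ID the viewer shows
            "source": source, "computer": computer, "strings": strings}

def build_sample():
    """Constructed record (not captured from a real system) for the demo."""
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names = w("Security") + w("NTSERVER1")      # source name, computer name
    body = w("jsmith") + w("DOMAIN1")           # insertion strings
    str_off = HEADER.size + len(names)
    length = str_off + len(body) + 4            # 128 bytes, already DWORD-aligned
    head = HEADER.pack(length, SIGNATURE, 7, 883612800, 883612800, 529, 16, 2,
                       2, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return head + names + body + struct.pack("<I", length)
```

Calling `parse_record(build_sample())` returns a dictionary with the record number, type, time, event ID, source, computer, and insertion strings.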

The three types of NT event logs are:

* System log, which tracks miscellaneous system events (for instance, the system log tracks events during system startup and hardware and controller failures)

* Application log, which tracks application-related events (for instance, some applications generate informational messages that appear as entries in the Application Event Log; application errors such as failing to load a DLL can also appear in the application log)

* Security log, which tracks events such as logon, logoff, changes to access rights, and system startup and shutdown. However, by default, the security log is turned off. To track security events with Network Security Monitor, you must start NT event logging on the target remote systems. To enable NT security logging, you must sign on with a user ID that has administrative rights. Then from the Start menu, choose Program and then Administrative Tools (Common). From the Administrative Tools submenu, choose User Manager, which displays the User Manager window. Select Audit from User Manager's Policies menu to display the audit dialog