How To Audit Windows 10 Application Logs

Introduction

The Audit feature in Windows 10 is a useful carryover from prior Windows versions. It allows Windows 10 users and administrators to view security events in an audit log for the purpose of tracking system and security events. 

This primer article will detail what the Windows application log is and where it is viewed. In addition, we will explore the importance of logging and auditing, how to enable auditing on your Windows 10 system, and how to view the security event log. 

What is the Windows application log?

Windows has given users and administrators ongoing access to logs to better understand system and security events. The application log is used to record events written by applications and services. These applications may be proprietary/commercial applications (including SQL Server) and applications developed by your organization. 

Events that can be logged include a whole host of application events, from application startup events to run-time error events. Support specialists may request access to your application log to help them assess an application issue.

Where can you find the application log?

Microsoft has carried over Event Viewer to Windows 10. To easily access Event Viewer, type “Event” into the Windows 10 Cortana search bar, then click on “Event Viewer” when it appears in your search results. After Event Viewer opens, select “Windows Logs” from the console tree on the left-hand side, then double-click on “Application” in the console tree. Your Windows 10 application log will appear.

The application log will record certain information about application events. This information includes:

  • Log name
  • Source
  • Event ID
  • Level
  • User
  • The time that the event was logged
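
The same fields can be read from PowerShell instead of the Event Viewer console. The script below is an added example, not part of the original article; the 24-hour window, the level filter and the helper name Resolve-EventUser are assumptions chosen for illustration.

```powershell
# Added example: read the Application log and project the fields listed above.
# The time window and the level filter are assumptions, adjust as needed.
$since = (Get-Date).AddHours(-24)

# Level values: 1 = Critical, 2 = Error, 3 = Warning
$filter = @{
    LogName   = 'Application'
    Level     = 1, 2, 3
    StartTime = $since
}

# Get-WinEvent raises a non-terminating error when nothing matches the filter;
# -ErrorAction SilentlyContinue turns that case into an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Hypothetical helper: turn the event's SID into an account name.
function Resolve-EventUser {
    param($Sid)
    if (-not $Sid) { return 'N/A' }      # many application events carry no user
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }                 # unresolvable SID: show it raw
}

# One row per event, with the columns Event Viewer shows
$rows = @($events | ForEach-Object {
    [pscustomobject]@{
        LogName = $_.LogName
        Source  = $_.ProviderName
        EventId = $_.Id
        Level   = $_.LevelDisplayName
        User    = Resolve-EventUser $_.UserId
        Logged  = $_.TimeCreated
    }
})

# Most recent events first
$rows | Sort-Object Logged -Descending |
    Select-Object -First 20 |
    Format-Table -AutoSize

# Source / Event ID pairs that occur most often in the window
$rows | Group-Object Source, EventId |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

The second table is a quick way to spot an application that is repeatedly failing before opening individual events.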

What events does it typically record? Here is a list of typically recorded events:

  • Applications starting
  • Application exceptions
  • SQL logs
  • Major application events including restarts, stopping and other (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/1yNCj_9SeLU/