FW: [logs] "Missing" Microsoft Event Log events Nov 05 2007 09:48PM
Tina Bird (tbird precision-guesswork com)

> The Events and Errors message center is not updated regularly
> (it's interrupt-driven, not polling). It is also possible
> that the Certificate Server events were never delivered to
> EEMC; in the source code they are in a separate file than the
> other security event log events and might have been
> overlooked. I will attempt to get that updated.

Thanks. I'm out of town for a few days, but I'm going to be trying to get
some work done during that time; and in any event, when I get back I'm going
to be poking at the CA logging with a friend of mine who's doing some cert
infrastructure consulting, so I will have the chance to get far more

> A KB article containing a comprehensive list of Vista events
> by subcategory has already been submitted to technical edit
> and the WS08 article will be submitted closer to RTM.

Good to know. I just hope I'm done documenting the older systems before the
latest ones are in widespread use ;-)

> The certificate server events are kind of a special case;
> they appear to have been added after the main event message
> file was finalized. They are governed by the "object access"
> event category (this is improved in WS08 and we have a
> separate subcategory just for these events). I believe that
> you might also need to enable something in the Certificate
> Server user interface to generate these events.

Okay. I know we've discussed before the difference between OS logging (which
almost always goes to the Event Log service) and application logging, which
even for Microsoft's own apps may or may not go to the Event Log. If you
have links to any documentation that summarizes enterprise applications that
do *not* use the Event Log (off the top of my head I'm thinking of IIS and
IAS, but I know there are more, because even on my workstation a "find" for
files named *log* comes up with way more entries than I expected), please
let us know. [And my apologies for that appallingly constructed sentence.]

cheers -- tbird
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org

Copyright 2010, SecurityFocus