Which Event Log Events Should You Worry About?

When you are configuring your event log monitor settings, you need to decide which event log events you need to worry about. Event logs are generated for a wide array of processes, applications, and events. Logs will record both successes and failures. As such, you need to decide what data is most vital and needs your immediate attention.

Types of Event Logs

There are several types of event logs you can monitor, including:

  • Application Log

    – This event log will collect data from your applications.

  • Security Log

    – Security-related events are tracked in this event log.

  • File Replication Log

    – Events will be recorded related to the replication of files between domain controllers.

  • System Log

    – The system log records events related to the operating system and the devices the operating system controls.

  • DNS Server Log

    – This event log is only available if you use a DNS server for name resolution.

  • Directory Service Log

    – If you use Active Directory (AD), then you will have a directory service log that records events related to AD.

 

Types of Events Recorded by Event Logs

Just like there are several different types of event logs, there are also several different types of events you can record based on the configuration of your server monitoring software, such as:

  • Warnings

    – Warnings are events that alert you to potential problems before they become major issues, like when you are running out of disk space on a server.

  • General Information

    – These types of events are tracked to let you know devices, applications, and other processes have been successful. They will also let you know when a service has started, a driver loaded correctly, and so on.

  • Errors

    – Any errors that occur in the event logs you are monitoring will alert you to problems that need your immediate attention—like drivers not starting when they should.

  • Critical Errors

    – These types of errors mean something critical has gone wrong, such as a hard drive failing.

  • Security Log Failures

    – These events are related to security and should be reviewed immediately. They can be issues like unsuccessful logins, user account lockouts, and so on.

  • Security Log Successes

    – These events are also related to security and record success events, such as a user successfully logging onto a server.

 

Event Log Monitoring – Putting It All Together

The types of events you should be worried about are warnings, errors, or failures. These all indicate something is wrong. In some cases, they could even mean a potential hack and data breach. You need to develop an event log monitoring and audit plan to decide which events you want to configure, which ones are important, when to be alerted, and how alerts are delivered.

 

Keep in mind, there can be other types of events you will want to monitor, such as changes to user permissions, new account creation, account deletion, erasing of event logs, policy changes in AD, etc. These types of events could indicate you have a hacker or malware on your network.
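
The security events named above (failed logins, lockouts, account creation and deletion, permission changes, policy changes, erased logs) can be pulled directly from the Windows Security log. The PowerShell below is an added example, not taken from this article or from PA Server Monitor. The event ID mapping, the 24-hour window, and the variable names are assumptions of the example, and it needs an elevated session on a server where the matching audit policies are enabled.

```powershell
# Added example: map the event types discussed above to Windows Security log event IDs.
$watch = @{
    4625 = 'Failed logon'
    4740 = 'User account locked out'
    4720 = 'User account created'
    4726 = 'User account deleted'
    4728 = 'Member added to security-enabled global group'
    4732 = 'Member added to security-enabled local group'
    4756 = 'Member added to security-enabled universal group'
    4719 = 'System audit policy changed'
    4739 = 'Domain policy changed'
    1102 = 'Security audit log cleared'
}

# Assumed look-back window; adjust to match your review schedule.
$since = (Get-Date).AddHours(-24)

# -FilterHashtable filters at the log source instead of reading every event.
# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = @($watch.Keys)
    StartTime = $since
} -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No watched security events since $since."
    return
}

# Summarize per event ID: what it means, how often it fired, and when it last fired.
$events |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            EventId = [int]$_.Name
            Meaning = $watch[[int]$_.Name]
            Count   = $_.Count
            Latest  = ($_.Group | Sort-Object TimeCreated -Descending |
                       Select-Object -First 1).TimeCreated
        }
    } |
    Format-Table -AutoSize
```

A single occurrence of 1102 or 4719 usually deserves a closer look than a handful of 4625 entries, so review the summary by meaning rather than by count alone.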

 

The easiest way to configure your servers, monitor events, and customize what types of events you want to record, track, and be alerted to is to use PA Server Monitor. This monitoring software makes it easy to quickly set up monitoring.

 

Best of all, you don’t have to know where event logs are stored on the servers or how to access and review them. You just open your monitoring software desktop to configure, review, and access your event logs.

 

For further information about PA Server Monitor and our other server monitoring software or to request your FREE no-obligation, full-access 30-day trial, please feel free to contact Power Admin at 1-800-401-2339 today!

 

