18.1 Windows Event Log: An Overview

Windows event logging is a system service used by the Windows operating system to record the occurrence of system events. Events range from resource tracking of failing device drivers to security-related actions such as attempts to access files, directories, printers, or other system objects that are under audit control. The Windows security event log monitors events generated by system security and auditing processes.

By default, Windows Security Event Auditing is turned off.

The Windows Event Viewer is the primary tool for viewing the event logs found on Windows systems.