Windows NT defines five types of events that can be logged. All event classifications have well-defined common data and can optionally include event-specific data. The application indicates the event type when it reports an event. Each event must be of a single type. The Event Viewer uses this type to determine which icon to display in the list view of the log.
The following table describes the event types used in event logging.
| Event type | Description |
|---|---|
| Information | Information events indicate infrequent but significant successful operations. For example, when Microsoft® SQL Server™ successfully loads, it may be appropriate to log an information event stating that "SQL Server has started." Note that while this is appropriate behavior for major server services, it is generally inappropriate for a desktop application (Microsoft® Excel, for example) to log an event each time it starts. |
| Warning | Warning events indicate problems that are not immediately significant, but that may indicate conditions that could cause future problems. Resource consumption is a good candidate for a warning event. For example, an application can log a warning event if disk space is low. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a warning event. |
| Error | Error events indicate significant problems that the user should know about. Error events usually indicate a loss of functionality or data. For example, if a service cannot be loaded as the system boots, it can log an error event. |
| Success audit | Success audit events are security events that occur when an audited access attempt is successful. For example, a successful logon attempt is a success audit event. |
| Failure audit | Failure audit events are security events that occur when an audited access attempt fails. For example, a failed attempt to open a file is a failure audit event. |
Selected activities of users on can be tracked by auditing security events and then placing entries in a computer's security log. To determine the types of security events that will be logged for the computer, use the Windows NT User Manager. For more information, look up "auditing" in the online help provided with the Windows NT User Manager.