Overview

Windows NT Workstation records events in three kinds of logs:

• The system log contains events logged by the Windows NT Workstation system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by Windows NT Workstation.

• The security log can contain valid and invalid logon attempts as well as events related to resource use, such as creating, opening, or deleting files or other objects. For example, if you use User Manager to enable logon and logoff auditing, attempts to log on to the system are recorded in the security log.

• The application log contains events logged by applications. For example, a database program might record a file error in the application log. Application developers decide which events to monitor.

System and application logs can be viewed by all users; security logs are accessible only to system administrators.

Enabling Security Logging

By default, security logging is turned off. To enable security logging, run User Manager to set the Audit policy.

Note

The Windows NT Workstation Resource Kit includes Crystal Reports Event Log Viewer, a full-featured report writer that provides an easy way to extract, view, save, and publish information from event logs in a variety of formats. For more information on Crystal Reports Event Log Viewer, see Readme.hlp in the \Crystal\Disk1 folder on the Windows NT Workstation Resource Kit 4.0 compact disc.