Windows Event Log

GPTKB entity

Statements (53)
Predicate Object
gptkbp:instanceOf event logging system
gptkbp:accessibleBy gptkb:wevtutil
gptkb:PowerShell
gptkb:Event_Viewer
gptkbp:API gptkb:Windows_Event_Log_API
gptkbp:category Computer security
Windows administration
gptkbp:developedBy gptkb:Microsoft
gptkbp:documentation https://learn.microsoft.com/en-us/windows/win32/eventlog/event-logging
gptkbp:enhancedIn gptkb:Windows_Vista
gptkb:Windows_Server_2008
gptkbp:exportedTo gptkb:EVTX
XML
CSV
gptkbp:features access control
tamper detection
log integrity
gptkbp:fileExtension .evtx
https://www.w3.org/2000/01/rdf-schema#label Windows Event Log
gptkbp:introducedIn gptkb:Windows_NT
2001
gptkbp:location %SystemRoot%\System32\winevt\Logs
gptkbp:logTypes gptkb:software
Security
Application
Forwarded Events
Setup
gptkbp:numberOfLocations system events
security events
application events
gptkbp:operatingSystem gptkb:Microsoft_Windows
gptkbp:relatedTo gptkb:Windows_Error_Reporting
gptkb:Syslog_(comparison)
gptkb:Windows_Management_Instrumentation
gptkbp:replacedBy gptkb:Event_Logging_Service_(legacy)
gptkbp:successor gptkb:Event_Viewer_(legacy)
gptkbp:supports event filtering
event forwarding
event subscriptions
event archiving
XML-based log format
custom event logs
event auditing
gptkbp:usedFor compliance reporting
security monitoring
troubleshooting
system auditing
gptkbp:bfsParent gptkb:Windows_Hardware_Error_Architecture
gptkb:Azure_Antimalware_Extension
gptkb:FortiSIEM
gptkb:Windows_Server_containers
gptkb:Event_Viewer
gptkbp:bfsLayer 6