Windows Event Logs

GPTKB entity

Statements (50)
Predicate                                     Object
gptkbp:instanceOf                             system log
gptkbp:accessibleBy                           gptkb:Event_Viewer
gptkbp:canBeAccessedProgrammaticallyBy        gptkb:WMI
                                              gptkb:wevtutil
                                              gptkb:PowerShell
                                              Windows API
gptkbp:canBeArchivedBy                        administrators
gptkbp:canBeBackedUpBy                        administrators
gptkbp:canBeFilteredBy                        gptkb:time_zone
                                              digital media
                                              source
                                              log level
                                              event ID
gptkbp:canBeForwardedTo                       SIEM systems
                                              Windows Event Collector
gptkbp:contains                               system events
                                              security events
                                              application events
                                              forwarded events
                                              setup events
gptkbp:corruptedBy                            disk errors
gptkbp:developedBy                            gptkb:Microsoft
gptkbp:exportedTo                             gptkb:TXT
                                              XML
                                              CSV
gptkbp:fileExtension                          .evtx
https://www.w3.org/2000/01/rdf-schema#label   Windows Event Logs
gptkbp:introducedIn                           gptkb:Windows_NT
gptkbp:location                               %SystemRoot%\System32\winevt\Logs
gptkbp:logLevelsInclude                       gptkb:museum
                                              Warning
                                              Error
                                              Critical
                                              Verbose
gptkbp:numberOfLocations                      event records
gptkbp:predecessor                            Event Log (Windows 9x)
gptkbp:removes                                administrators
gptkbp:securityLogIsProtectedBy               access control
gptkbp:supports                               event log retention policies
                                              event subscriptions
                                              custom event logs
                                              log size limits
                                              remote event collection
gptkbp:usedFor                                compliance reporting
                                              troubleshooting
                                              security auditing
                                              system monitoring
gptkbp:usedIn                                 gptkb:Microsoft_Windows
gptkbp:bfsParent                              gptkb:ArcSight_SmartConnectors
gptkbp:bfsLayer                               7