Event logs are used for investigating issues with applications or the system itself, and for auditing system usage. For example, if a Forsta Plus installation fails it will log an error in the application log stating why it failed. Forsta Plus will also create its own event log on servers where it is installed, where errors from modules using the .NET Framework will be logged (in addition to being sent via email to the configured EmailRecipient.)

The size of the event logs can be increased to provide a longer backlog for events on the system.

Secure Event Log Viewing

Default configuration allows guests and null logons the ability to view event logs (system, and application logs.) The Security log is protected from guest access by default, though it is viewable by users who have “Manage Audit Logs” permission. The Event log services use the following key to restrict guest access to these logs:

HKEY_LOCAL_MACHINE\SYSTEM
CurrentControlSet\Services\EventLog\[LogName]
RestrictGuestAccess: REG_DWORD: 1