THM Room: Windows event logs

Introduction

What?

Windows Event Logs and the tools to query them.

Why?

To understand the activity of the system, diagnose problems, and to combine log file entries from multiple sources with statistical analysis, to yield correlations between seemingly unrelated events on different servers.

How?

• Event logs

• XPath queries

• Scenarios