Home »
Windows
»
Windows Programs
Comments
Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.
EVENT VIEWER
Hi my name is Brian Miller from North Shields in the UK. I have only just recently discovered the event viewer and as you can imagine I have not got a clue what it all means. The only thing that stands out to me as being not right is in the security part. I would have thought that the only name listed on the USERS section, would be my own BRIAN MILLER. Instead of that the names listed as users are as follows:
SYSTEM, NETWORK SERVICE, LOCAL SERVICE, BRIAN MILLER, and ANONYMOUS LOGON, does this look as it should?
The one listed out of all that’s got me worried is ANONYMOUS LOGON. On close inspection via properties reads as follows:
------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 3/3/2005
Time: 1:31:04 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: BM-INTERNET-PC
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1737C)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}
------------------------------------------------
Can anyone please advise me?
Many thanks in advance, regard…Brian Miller.
================================================
Web Site: http://brianmiller.batcave.net/
E-Mail: mr_brianmiller@hotmail.com
================================================
Hi Leo,
I don't have an EVENTLOG Service at all. WinXPpro with SP2.
I discovered this when attempting to install Diskeeper. It would not install.
Every time I click on say "Application" or "Security" or "System" in the event viewer, I get an error. "Unable to complete the operation on "Application/Security/System". the interface is unknown."
The .EVT files are there. I even copied some from another pc. But still the same error.
Any ideas?
Thanks,
Tony
I'd check to make sure the event managing service is running. Right click on My COmputer, select Manage, expand Services and Applications, Select Services, double click on "Event Log". Make sure that the startup type is set to "Automatic". You can hit "Start" also to start it up if it's not running.
Posted by: Leo at April 4, 2005 7:40 PMHi Leo,
What I meant was there is no 'Event Log' service. IE, when I do what you say to do here, there is no service there to start up!
So its totally missing from my list of services.
And in the 'event viewer' there are three events I can see,
Application
Security
System
But when I click on them I get the error I mention.
Probably because there is no EVENT LOG service, so it can't be switched on.
Now I can't think how it got lost. So I was wondering whether you knew how to reinstall that service. Or is there a commandline that I can use to switch it back on.
I have googled this for hours without finding anything. Except other people with the same problem.
Cheers,
Tony
Wow. I'm surprised XP runs without it. I would try the system file checker first http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html
Posted by: Leo at April 5, 2005 9:13 PMMe too.
I've come across half a dozen people reporting this same problem. but no answers.
I had tried sfc already. It certainly replaced all the system files. But didn't fix the problem.
I think the errorlog might be running in the background somewhere because I used PROCESS EXPLORER and it has this line:
HKLM\SYSTEM\ControlSet001\Services\Eventlog
But I don't have the eventlog listed as a service, I can't actually view the event logs in the viewer.
I first noticed this when I tried to install Diskeeper.
Clearly, something has done this. SP2, or ??
Diskeeper installation reports that "the Diskeeper Service failed to start. Verify that you ahve sufficient privileges to start system services."
But I am the administrator. Something has fooled with my services. But I'm at a loss to know what. And I so hate to reinstall....
Thanks
tony
I have the same problem using Diskeeper...
Posted by: Phk at April 11, 2005 1:53 AMdoubt it is strictly an sp2 problem. i am experiencing the same problem on a windows 2000 box and a windows 2000 server box.
you can even navigate to c:\winnt\system32\config and see that the .evt logs are there and certainly not empty. (you can copy the file and open with wordpad to verify it's not empty.) even when i try to open this copied file through event viewer, it does not list anything, although at the top it says there are 6,223 events.
checked all my dependencies and did notice that the SNMP Trap Service was not started. still same problem after i started it.
Posted by: bst at April 11, 2005 2:25 PMI found this on the diskeeper 1920 error.
http://a9.com/XP%20eventlog%20service%20missing
It doesn't help me though.
My eventlog is still missing. Although I can see the diskeeper services trying to start if you follow the article through.
It may not be an SP2 problem. I only noticed it after I installed SP2.
Like you bst, I can see the logs. Open them in notepad etc. But I cannot view them in the EVENT VIEWER. I get an INTERFACE IS UNKNOWN error.
I cannot see an SNMP Trap Service.
This install is only a month old. That's what's got me bushed.
Ah, sorry about that url. Its this one.
http://www.softwareshelf.com/files/supportFAQView.asp?ID=1482
Subscribe to the RSS Feed for comments on this article.
To post a comment on "What is the Event Viewer, and should I care?", please return to that article's main page.