Event Log
- Get-EventLog
- Windows Security Log Events IDs
- CIS Benchmark for Microsoft Windows Server Download
- System audit policy recommendations
- Audit Windows OS - Best practices | Security | michaelsendpoint.com
Configuration
- Group Policy Management Console: Computer Configuration / Administrative Templates / Windows Components / Event Log Service /
Log format
| Built-in log | Description and use |
|---|---|
| Application log | This log contains errors, warnings, and informational events that relate to the operation of apps such as Microsoft Exchange Server, the Simple Mail Transfer Protocol (SMTP) service, and other applications. |
| Security log | This log reports the results of auditing if you enable it. Audit events report success or failure depending on the event. For example, the log would report success or failure depending on whether a user was able to access a file. |
| Setup log | This log contains events that relate to application setup. |
| System log | Windows components and services log general events and classify them as errors, warnings, or information. The Windows operating system predetermines the events that system components log. |
| Forwarded events | This log stores events that Windows components collect from remote computers. To collect events from remote computers, you must create an event subscription. |

| Log subtype | Description |
|---|---|
| Admin | Admin logs are of interest to administrators and support personnel who use Event Viewer to troubleshoot problems. These logs provide guidance about how to respond to issues. The events found in the Admin logs indicate a problem and a well-defined solution upon which an administrator can act. |
| Operational | Events in the Operational log are also useful for IT professionals, but they’re likely to require more interpretation. You can use operational events to analyze and diagnose a problem or occurrence and to trigger tools or tasks based on the problem or occurrence. |
| Analytic and Debug | Analytic and Debug logs aren't user-friendly. Analytic logs store events that trace an issue, and they often log a high volume of events. Developers use Debug logs when they’re debugging applications. By default, both Analytic and Debug logs are hidden and disabled. |
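Added example (not from the sources linked above): a PowerShell check that inventories the log subtypes in the table by enabled state, then summarises Security-log audit success versus failure for the last 24 hours. Assumes Windows PowerShell 5.1 or later in an elevated session with read access to the Security log.

```powershell
# Added example: inventory log subtypes and summarise Security audit results.
# Assumes an elevated Windows PowerShell session with Security-log read access.

# 1. Enumerate every event log and group by subtype (Administrative,
#    Operational, Analytical, Debug). Analytic and Debug logs are disabled
#    by default, so most of them report IsEnabled = $false here.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue
$logs |
    Group-Object -Property LogType |
    ForEach-Object {
        $enabled = @($_.Group | Where-Object IsEnabled).Count
        '{0,-15} total={1,4} enabled={2,4}' -f $_.Name, $_.Count, $enabled
    }

# 2. Count audit success vs. audit failure in the Security log since
#    yesterday. Keyword bit values are the documented Windows constants:
#    0x20000000000000 = Audit Success, 0x10000000000000 = Audit Failure.
$AuditSuccess = 0x20000000000000
$AuditFailure = 0x10000000000000
$since = (Get-Date).AddHours(-24)

$failures = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = $since
} -ErrorAction SilentlyContinue

$successes = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditSuccess
    StartTime = $since
} -ErrorAction SilentlyContinue

$summary = 'Security log since {0}: {1} audit successes, {2} audit failures'
$summary -f $since, @($successes).Count, @($failures).Count

# 3. Which event IDs dominate the failures? A sudden rise in failed logons
#    (event ID 4625) relative to the usual baseline is worth investigating.
$failures |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 Name, Count
```

If auditing is not enabled (see the audit policy links above), both counts are zero even though the Security log exists.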