Windows logs monitor events that occur in the system and record hardware, software, and system issues. When an Elastic Compute Service (ECS) instance is attacked or an issue occurs on an application, you can pinpoint the issue based on logs. This helps improve work efficiency and instance security. This topic uses Windows Server 2022 as an example to describe how to use system logs, application logs, security logs, and application and service logs.
Background information
Windows logs can be divided into the following types:
System logs
Application logs
Security logs
Application and service logs
View logs in Windows Event Viewer
Windows system logs are enabled by default. You can view the logs in Event Viewer after connecting to the instance.
To view logs in Event Viewer, perform the following steps:
Connect to the Windows instance.
For more information, see Connect to a Windows instance by using a password or key.
Choose
. In the Run dialog box, enter the eventvwr command and click OK to open Event Viewer.
View the following types of logs in Event Viewer:
Note: You can use the event IDs of the log events found with the methods described in this topic to search the Microsoft Knowledge Base for solutions.
System logs
System logs contain events logged by Windows system components. For example, the failure to load a driver or other system components during startup is recorded in a system log. The types of system log events are predetermined by Windows.
Application logs
Application logs contain events logged by applications. For example, a database program can record a file error in an application log.
Security logs
Security logs record valid and invalid logon attempts and events related to resource use, such as creating, opening, or deleting files or other objects. You can specify the types of events to be recorded in security logs. For example, if you enable logon auditing for an instance, logon attempts are recorded in security logs.
Application and service logs
An application and service log is a new type of event log. Application and service logs contain events from a single application program or component rather than events that can affect the whole system.
Modify the log path and back up logs
To modify the log path and back up logs, perform the following steps:
In the left-side navigation pane of Event Viewer, click Windows Logs.
In the right-side list, right-click a log name and choose Properties from the shortcut menu.
In the Log Properties dialog box, modify the following parameters based on your business requirements:
Log path
Maximum log size (KB)
When maximum event log size is reached
Note: By default, logs are stored on the system disk. The default value of the Maximum log size (KB) parameter is 20480, which is equal to 20 MB. If the limit is reached, older event logs in the log file are overwritten. You can configure this parameter based on your business requirements.
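The same three Log Properties settings can be read from an elevated PowerShell prompt, and each log exported before old events are overwritten. The script below is an added example, not part of the original topic; the backup folder D:\EventLogBackup is an assumed path, and the 20480 KB threshold is the default cited in the note above.

```powershell
# Added example: report the Log Properties settings of the classic Windows logs
# and export a backup copy of each. Run in an elevated PowerShell session.
$BackupDir = 'D:\EventLogBackup'   # assumption: a folder on a data disk; adjust as needed
$DefaultKB = 20480                 # default Maximum log size (KB) cited in this topic
$Logs      = 'System', 'Application', 'Security'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

$report = foreach ($name in $Logs) {
    # Current configuration of the log (path, maximum size, behaviour when full).
    $cfg = Get-WinEvent -ListLog $name -ErrorAction Stop

    # The oldest event still present shows how far back the log reaches
    # before overwriting removed earlier records.
    $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue

    # Export the log to an .evtx file so its events survive overwriting.
    $target = Join-Path $BackupDir "$name-$stamp.evtx"
    wevtutil epl $name $target
    $exported = ($LASTEXITCODE -eq 0)

    $maxKB = [int]($cfg.MaximumSizeInBytes / 1KB)
    [pscustomobject]@{
        Log         = $cfg.LogName
        Path        = $cfg.LogFilePath
        MaxSizeKB   = $maxKB
        UsedPercent = [math]::Round(100 * $cfg.FileSize / $cfg.MaximumSizeInBytes, 1)
        # LogMode: Circular = overwrite events as needed, AutoBackup = archive
        # the log when full, Retain = do not overwrite events.
        WhenFull    = $cfg.LogMode
        OldestEvent = $oldest.TimeCreated
        AtDefault   = ($maxKB -le $DefaultKB)
        BackedUpTo  = if ($exported) { $target } else { 'export failed' }
    }
}

$report | Format-Table -AutoSize
```

A log that shows WhenFull as Circular, AtDefault as True and a recent OldestEvent is already overwriting older records, so its maximum size or backup schedule should be reviewed.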