Windows Vista, 7 and above segregate logs into two categories: “Windows Logs” and “Applications and Services Logs”.
Windows Logs
- Application log: The application log contains events logged by applications. For example, a database program might record a file error in the application log. Application developers decide which events to monitor.
- Security log: The security log can contain valid and invalid login attempts, as well as events related to resource use, such as creating, opening, or deleting files or other objects. For example, if you’re using the User Manager for login and logout auditing, the security log records attempts to log in to the system. The administrator of the computer chooses what the security log monitors.
- Setup log: The Setup log contains events related to application setup.
- System log: The system log contains events logged by system components. For example, the system log records when a driver or other system component (like a service) fails to load during startup. The operating system predetermines the type of events that are recorded.
- ForwardedEvents log: The ForwardedEvents log stores events collected from remote computers.
Applications and Services Logs
Applications and Services logs are new in Windows 7 and Vista. These logs contain events from single programs or components rather than events that impact the entire system. There are five types of Applications and Services logs:
- Admin: These logs record problems that directly affect end users and have well-defined solutions.
- Operational: These logs record events that aren’t necessarily problems, but are simply records of occurrences (e.g., when a peripheral such as a printer is installed).
- Analytic: Analytic logs record problems that Windows notes, but that most users will not be able to solve easily on their own. They tend to record specialized issues with Windows, such as providing debugging information for problems with enabling and using the Encrypting File System, or issues with missing elements of the user interface.
- Debug: Debug events are records of problems that programmers can use for troubleshooting.
- Internet Explorer: This application log appears only when Internet Explorer 7 or later is installed; for the majority of users it remains empty and can be ignored.
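To see how the logs on a given machine map onto the categories above, the following added example (not part of the original text) inventories them with `Get-WinEvent -ListLog`. The variable names and the top-15 cutoff are illustrative choices, and it assumes PowerShell 3.0 or later in an elevated session, since some logs such as Security are not readable otherwise.

```powershell
# Added example: inventory local event logs and map them to the two
# categories described above. Names such as $windowsLogs are illustrative.

# The five logs listed under "Windows Logs".
$windowsLogs = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'

$inventory = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Category  = if ($windowsLogs -contains $_.LogName) { 'Windows Logs' }
                        else { 'Applications and Services Logs' }
            # LogType is Administrative, Operational, Analytical or Debug.
            LogType   = $_.LogType
            LogName   = $_.LogName
            Enabled   = $_.IsEnabled
            Records   = $_.RecordCount
            MaxSizeMB = [math]::Round($_.MaximumSizeInBytes / 1MB, 1)
        }
    }

# How many logs fall into each category and type.
$inventory |
    Group-Object Category, LogType |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize

# The Windows Logs with their record counts and configured size limits.
$inventory |
    Where-Object Category -eq 'Windows Logs' |
    Format-Table LogName, Enabled, Records, MaxSizeMB -AutoSize

# Enabled Operational logs that actually contain events, largest first.
$inventory |
    Where-Object { $_.LogType -eq 'Operational' -and $_.Enabled -and $_.Records -gt 0 } |
    Sort-Object Records -Descending |
    Select-Object -First 15 LogName, Records, MaxSizeMB |
    Format-Table -AutoSize

# Analytic and Debug logs that are currently switched on.
$inventory |
    Where-Object { $_.LogType -in 'Analytical', 'Debug' -and $_.Enabled } |
    Format-Table LogName, LogType, Records -AutoSize
```

The last table is often empty: Analytic and Debug logs are disabled by default and only collect events once someone enables them.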