D
[Daniel Choi]
Hi, I had a question regarding the logistics of Windows Event Log.
I'm trying to build a service that depends on time, and am trying to use Windows Event Log's timestamps for specific events, mainly power-related events such as Restart/Shutdown/Dirty Shutdown and Time Changes.
I wanted to make sure however, that these times are always recorded and was experimenting with the service. I tried to disable the logging service by going to the service manager, and made it so the "Windows Event Log" Service doesn't start up. In fact, after doing so and restarting, I couldn't view Windows Event Viewer due to the logging service not running.
In the meantime, I changed the system time, restarted the device again, and finally turned the "Windows Event Log" service back on.
Checking the Event Viewer, I found a lot of errors, mainly event 10005, 7001, and a bit of 7023. This was expected, since with the log service not running, several other services would be impacted as well.
What I found surprising was that, among the long list of errors, I was able to find some information logs of event id 1074 and 1, which corresponded to the system restart and system time change.
So, my question is..
How does Windows Log these information (Restart, time change) when the Windows Event Log service is not running? Can I be safe to assume that these events will always be logged even if the Event Log service is not running?
Thank you.
Continue reading...
I'm trying to build a service that depends on time, and am trying to use Windows Event Log's timestamps for specific events, mainly power-related events such as Restart/Shutdown/Dirty Shutdown and Time Changes.
I wanted to make sure however, that these times are always recorded and was experimenting with the service. I tried to disable the logging service by going to the service manager, and made it so the "Windows Event Log" Service doesn't start up. In fact, after doing so and restarting, I couldn't view Windows Event Viewer due to the logging service not running.
In the meantime, I changed the system time, restarted the device again, and finally turned the "Windows Event Log" service back on.
Checking the Event Viewer, I found a lot of errors, mainly event 10005, 7001, and a bit of 7023. This was expected, since with the log service not running, several other services would be impacted as well.
What I found surprising was that, among the long list of errors, I was able to find some information logs of event id 1074 and 1, which corresponded to the system restart and system time change.
So, my question is..
How does Windows Log these information (Restart, time change) when the Windows Event Log service is not running? Can I be safe to assume that these events will always be logged even if the Event Log service is not running?
Thank you.
Continue reading...