Chapter 6. Using PowerShell to audit user logon events
Mike F. Robbins
Event logs are special files on Windows-based workstations and servers that record system activity. Do you want to know if there’s a problem with your Windows-based servers? Almost anything you’d want to know about what has occurred on your servers, whether an informational event, a warning, an error, or a security event, is contained in the event logs. When’s the last time you took a look at all of the event logs on each of your servers?
Beginning with Windows Vista and Windows Server 2008 the event logs were redesigned in an XML-based log format, and newer operating systems such as Windows Server 2012 can contain over 200 different event logs, depending on what roles ...