Help Center/ Elastic Cloud Server/ Best Practices/ Maintaining and Monitoring ECSs/ Viewing and Using Windows ECS Logs
Updated on 2025-08-07 GMT+08:00
View PDF
Share

Viewing and Using Windows ECS Logs

Scenarios

In Windows ECSs, viewing and using logs is an important part of system management and troubleshooting. Windows uses the built-in Event Viewer to record system, application, and security events. You can monitor system performance, diagnose problems, understand system status, and perform security audits based on the recorded logs.

Windows system logs are classified into the following types:

  • System logs
  • Application logs
  • Security Log
  • Applications and services logs

This section uses Windows Server 2022 as an example to describe how to view and use system logs, application logs, security logs, and applications and services logs.

Viewing Logs in Event Viewer

  1. Remotely connect to the Windows ECS.

    The VNC login is used as an example here.

  2. Choose Start > Run. In the Run dialog box, enter eventvwr.

  3. Click OK. The Event Viewer window is displayed.

  4. View the following four types of logs in Event Viewer.

    1. System logs

      Record events (such as hardware faults and driver problems) generated during the runtime of the operating system.

    2. Application logs

      Record application and service events, such as errors and crashes at runtime of specific applications.

    3. Security logs

      Record security-related events, such as user login, permission change, and resource access.

    4. Applications and services logs

      Unlike standard Windows logs (such as system logs, application logs, and security logs), applications and services logs focus on capturing events generated by specific applications or services. These logs are usually irrelevant to the core functions of the operating system, but they are very useful for troubleshooting and performance tuning of specific applications, services, or functions.

Modifying Log Properties

  1. Open Event Viewer. In the navigation pane on the left, choose Windows Logs.
  2. In the middle list, right-click a log name and choose Log Properties.

  3. In the Log Properties dialog box, modify the following properties as required:

    • Log path
    • Maximum log size
    • Action to be taken when maximum event log size is reached

      The default maximum size of each event log file is 20 MB. Once the log file reaches this size, the oldest events are automatically deleted to free up space for new events. This means that the log file will be overwritten cyclically to maintain a relatively constant size.