Create Event Log Archive


The CommandCTRL application includes a number of Agent tools that provide you with just-in-time insight into the state of an end user's machine. One of these is Event Logs Archive, which provides all the event logs on a machine for Application, Security and System. To generate one of these archives, complete the following steps:

  1. In the side navigation panel, go to Inventory > Machines.
  2. On the Machines screen that appears, locate and click the name of the machine for which you want to generate the Event Log archive.
  3. In the side navigation panel, click the Diagnostics link.
  4. On the screen that opens, locate the Event Logs widget.
  5. In the Event Types field, select the event log type that you want to archive:
    • Application: The Windows Application Event Log records events from applications and services running on the system, including messages, warnings, errors, and critical notifications. It's used by administrators to troubleshoot issues, track software behavior, and diagnose problems affecting application performance and system stability.
    • Security: The Windows Security Event Log is a critical component of the Windows operating system, dedicated to recording security-related events such as authentication attempts, resource access, and security policy changes. It provides administrators with insights into system security, enabling them to monitor user activity, detect unauthorized access attempts, and investigate security incidents. By analyzing event details such as event type, timestamp, and user identity, administrators can effectively identify security threats, enforce security policies, and safeguard the integrity of the Windows environment.
    • System: The Windows System Event Log is an essential part of the Windows operating system, responsible for logging events related to system operation and hardware/software components. It records information about system startup, shutdown, device driver failures, and other system-level events. System administrators rely on this log to troubleshoot issues, diagnose hardware and software failures, and monitor system health. By analyzing event details such as event type, timestamp, and source component, administrators can efficiently identify and resolve system-related problems, ensuring the smooth operation and reliability of the Windows environment.
  6. Click the Archive button to view the archive.
  7. When the report is generated, click the (Download Report) button to the right of each archive you want to download to your computer.

    The following is an example of what an Event Viewer archive looks like.

To view a Windows event log archive on macOS, you have a few options:

  1. Use an online Windows event viewer: https://www.gigasheet.com/
  2. Download a Mac application called “EVTX Reader” from the App Store.
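
As an added example (not part of the CommandCTRL documentation), the following Python script checks a downloaded log locally on a Mac before it is opened in a viewer: it verifies the file signature and header checksum and reports the format version, chunk count and dirty/full flags. It assumes the archive contains a standard Windows .evtx file, which this page does not state explicitly; the function names and the sample header are constructed for illustration.

```python
import struct
import sys
import zlib

EVTX_MAGIC = b"ElfFile\x00"
# First 128 bytes of an EVTX file, little-endian: signature, first chunk,
# last chunk, next record id, header size, minor version, major version,
# header block size, chunk count, 76 unused bytes, flags, CRC32 of bytes 0-119.
HEADER = struct.Struct("<8sQQQIHHHH76sII")
FLAG_DIRTY = 0x1  # log was not closed cleanly
FLAG_FULL = 0x2   # log reached its configured maximum size


def parse_evtx_header(data: bytes) -> dict:
    """Validate and decode an EVTX file header; raise ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("file too short to be an EVTX log")
    (magic, first_chunk, last_chunk, next_record, _hdr_size, minor, major,
     _block_size, chunk_count, _unused, flags, crc) = HEADER.unpack_from(data)
    if magic != EVTX_MAGIC:
        raise ValueError("bad signature: not an EVTX file")
    if zlib.crc32(data[:120]) != crc:
        raise ValueError("header checksum mismatch: file truncated or altered")
    return {
        "version": f"{major}.{minor}",
        "chunk_count": chunk_count,
        "first_chunk": first_chunk,
        "last_chunk": last_chunk,
        "next_record_id": next_record,
        "dirty": bool(flags & FLAG_DIRTY),
        "full": bool(flags & FLAG_FULL),
    }


def build_sample_header(chunks: int = 3, next_record: int = 412, flags: int = 0) -> bytes:
    """Constructed sample input: a well-formed header with no real log data."""
    body = struct.pack("<8sQQQIHHHH76s", EVTX_MAGIC, 0, chunks - 1, next_record,
                       128, 1, 3, 4096, chunks, b"\x00" * 76)
    return body + struct.pack("<II", flags, zlib.crc32(body))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a downloaded .evtx file
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(HEADER.size)
    else:
        header = build_sample_header()
    print(parse_evtx_header(header))
```

Run it with the path to the downloaded file as the only argument; with no argument it parses the constructed sample header.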