Question

Creating a Custom View in Microsoft Windows Event Viewer

Microsoft Windows Event Viewer also can be used to create custom logs and collect copies of events from different systems. In this project, you use the Event Viewer to create a custom log.

1. 1

   If necessary, launch Event Viewer by clicking Start and then typing Administrative Tools in the Search programs and files box. Click the Administrative Tools folder and then double-click Event Viewer.

2. 2

   In the right pane entitled Actions, click Create Custom View.

3. 3

   Under Logged click the drop-down arrow next to Any time. Several options appear of times to log the events. Click Custom range and note that you can create a specific period to log these events. Click Canceland be sure the Logged setting is Any timeto capture all events.

4. 4

   Under Event level, check each box (Critical, Error, Warning, Information, Verbose) to capture all levels of events.

5. 5

   Under By source, click the radio button if necessary and then click the drop-down arrow next to Event sources. Scroll through the list of sources that can be used to create a log entry.

6. 6

   For this custom view, instead of selecting specific sources, you will use log entries collected from default logs. Under By log, click the radio button if necessary and then click the drop-down arrow next to Event logs.

7. 7

   Click the > sign by Windows Logs and Applications and Services Logs. Any of these logs can be used as input into your custom logs. Click the box next to Windows Logs to select all the available Windows logs.

8. 8

   You also can include or exclude specific events. Be sure that <All Event IDs> is selected.

9. 9

   Next to Keywords select Classic.

10. 10

    Next to User be sure that <All Users> is selected so that any user who logs in to this system will have log entries created.

11. 11

    Your completed dialog box will look like that shown in Figure 7-11. Click OK. If an Event Viewer dialog box appears, click Yes.

    Figure 7-11

    Create Custom View dialog box

12. 12

    In the Save Filter to Custom View dialog box, next to Name, enter All Events.

13. 13

    Next to Description, enter All Events. Click OK.

14. 14

    In the left pane under Event Viewer (Local), double-click Custom Views if necessary to display the custom view. Display your view by clicking on it.

15. 15

    Close Event Viewer and all windows.

16. 16

    Reboot the system.

17. 17

    If necessary, launch Event Viewer by clicking Start and then typing Administrative Tools in the Search programs and files box. Click the Administrative Tools folder and then double-click Event Viewer.

18. 18

    In the left pane under Event Viewer (Local), double-click Custom Views if necessary to display the custom views. Display your view by clicking it. What new events have occurred?

19. 19

    Close all windows.

20. please take screenshots of all the steps and answer all the following questions

Answer 1

Step 2

************

Step 3 - 4
**********

Step 5
***********

Step 6 - 7
**************

Step 8
************

Step 9
***********

Step 10 - 19
***********************

Thanks