Security (Secevent.evt)
Application (appevent.evt)
System (Sysevent.evt)
| Event viewer is a MS Management Console snap-in supplied with Windows XP and allows you to review and archive these three event logs. You can also view these logs to identify problems with installed components. If a device has failed, a disk has filled close capacity, a program has crashed repeatedly, or some other critical difficultly has arisen, the information recorded in the event logs can help you. Watching the event logs can also help you spot serious problems before they occur. For example if a network adapter is failing intermittently or a network cable is improperly connected, you might begin to see items in the event log showing frequent disconnections from and reconnections to the internet or network. You can also use the Security Log to track such things as unsuccessful logon attempts or attempts by users to read files for which they lack access privileges. Event viewer works the same in Home Edition or Professional edition. In Windows XP Home edition, only certain predefined events are recorded in the Security log. Lets look on how to can view these logs.
|
Click on "START" then go to "Control Panel" now double click on "Administrative Tools" Icon 
a Window will open like this;
Now double click on "Event Viewer" Icon. 
You will now see a window like this:
Single clicking on a Log in the left pane opens that log. Events are classified by "Type"
 Information |
 Warning: Should be Checked |
 Error: Must be Checked |
Information: These are other events that Windows XP logs. Examples of information events include someone using a printer connected to your computer and a successful dial-up conection to your ISP
Warning: Should be Checked: These events represent less significant or less immediate problems than error events. Examples of warning events include a nearly full disk, a timeout by the network redirector, and data errors on a backup tape, or hard drive.
Error: Must be Checked: These events that represent possible loss of data or functionality. Examples of errors include events related to a malfunctioning network adapter and loss of functionality caused by a device or service that doesn't load at startup.
Security events are recorded in the Security Log, (Secevent.evt), Monitoring these events is called auditing The Application and System logs record application events and system events respectively. System events are generated by Windows XP itself and by installed components, such as device drivers. If a driver fails to load when you start WIndows XP session, for example, that event is recorded in the System Log.
If you want to know about the elements of your system generate events and where those events are recorded, use Registry Editor (Start | Run | Type in Regedit hit OK) to open up the following registry key: HKLM\System\Current\Services\Eventing. Then inspect the sub keys Application, Security, and System. Each entity capable of generating an event has a sub key under one of those three keys.
If you plan to monitor the events on your system for a
longer time, you should reconfigure the Event-Log by
displaying the Event-Log Properties:
To do this click on the "Properties" of the log.
The default values limit the size of the Event log file and will overwrite events after 7 days
I suggest to increase the size of the Event log file
(to several MBytes) and to define to "overwrite
events as needed" : This will keeps the entries in the
Event Log, until the file has reached the maximum
size and then it will start overwriting the oldest
event log entries.
