• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

EventForwarding

F

fwall4

Flightless Bird
Hello: Today I noticed a new entry in the Event Viewer named
"Microsoft-Windows-Forwarding/Operational". When I clicked on "Properties" it
shows C:/WINDOWS\system32\config\EventForwarding-Operational.Evt
Can anyone explain what this means and if I can remove it from the Event
Viewer?
I downloaded Window Live Photo Gallery but I don't know if this is the cause.
I appreciate your reply. Fred
 
V

VanguardLH

Flightless Bird
fwall4 wrote:

> Hello: Today I noticed a new entry in the Event Viewer named
> "Microsoft-Windows-Forwarding/Operational". When I clicked on "Properties" it
> shows C:/WINDOWS\system32\config\EventForwarding-Operational.Evt
> Can anyone explain what this means and if I can remove it from the Event
> Viewer?
> I downloaded Window Live Photo Gallery but I don't know if this is the cause.
> I appreciate your reply. Fred


Any program (as long as it can use admin privileges to update the
registry) can add an event "category" or log under which those type of
events get logged. Look in the registry at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog


http://msdn.microsoft.com/en-us/library/bb427443(v=VS.85).aspx
http://msdn.microsoft.com/en-us/library/bb870973(VS.85).aspx

http://www.windowsecurity.com/articles/Centralized-Auditing-here-FREE.html

You event logs are getting sent or collected to somewhere else. Ask the
IT folks at your company why they want these logs.
 
F

fwall4

Flightless Bird
"VanguardLH" wrote:

fwall4 wrote:
Hello: Today I noticed a new entry in the Event Viewer named
"Microsoft-Windows-Forwarding/Operational". When I clicked on "Properties"
it
shows C:/WINDOWS\system32\config\EventForwarding-Operational.Evt
Can anyone explain what this means and if I can remove it from the Event
Viewer?
I downloaded Window Live Photo Gallery but I don't know if this is the cause.
I appreciate your reply. Fred

Any program (as long as it can use admin privileges to update the
registry) can add an event "category" or log under which those type of
events get logged. Look in the registry at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog


http://msdn.microsoft.com/en-us/library/bb427443(v=VS.85).aspx
http://msdn.microsoft.com/en-us/library/bb870973(VS.85).aspx

http://www.windowsecurity.com/articles/Centralized-Auditing-here-FREE.html

You event logs are getting sent or collected to somewhere else. Ask the
IT folks at your company why they want these logs.

Hi VanguardLH: Thanks for your reply. I deleted the registry and that
cleared the entry in the Event Viewer. I appreciate your help. Fred
 
Top