Gravwell – Windows Event Logs

Windows Event Logs

The Windows OS generates and records a large number of events, both internal (Windows apps and services) and from external or third-party software.

Windows Event Logs are incredibly useful when dealing with endpoints and devices: they help with troubleshooting actual problems and with alerting on other details or issues that might affect your service and uptime needs.

Applied in the Home Lab

I’ve been using the new version 5 of Blue Iris, which is a security camera server software package with some robust features, such as support for many different camera types. This was a great transition for me, as the Amcrest NVR I had purchased really couldn’t keep up with the 3, 4 and 5 megapixel cameras that were installed, and Blue Iris really appealed to me as the way to correct that.

However, we’re not here to write about Blue Iris, except for how I used Gravwell to capture all the Windows Event Logs from the Blue Iris host (a Windows 10 machine) and was able to see that not all was well with the application.

Because the Blue Iris application runs as a Windows service, I was running it on an i7 machine without a monitor. This also meant that I wouldn’t notice whether the service or the computer was up and not locked up until I actually checked the feeds, which, incidentally, has happened a few times now.

Off to the Well; Gravwell Docs and Blog

The team at Gravwell is doing a stellar job of building out the parts and pieces that help get people moving. This is a huge deal for anyone trying to implement and adopt different technologies. While I don’t think the software is incredibly difficult, I am learning about a few different parts at one time while also just wanting to get some data flowing to start, and their blog posts and docs have been really awesome.

For Example: https://www.gravwell.io/blog/gravwell-and-windows-event-logging

Configured and Collecting

Once Gravwell was configured and collecting, I used search queries to find the event log entries referencing the host and the Blue Iris app. Here come the details:

The Blue Iris app is crashing, and the event log tells the story, sometimes with multiple entries per second, even per millisecond.
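As an added example (not code from the original post, from Gravwell, or from Blue Iris), here is the kind of check a practitioner might run over collected Windows Application log records to surface exactly what the post describes: one application crashing over and over within a short span. The records below are constructed to resemble Event Viewer's XML view of Application Error events (Event ID 1000, whose first EventData field is the faulting application name); the host name, executable name, timestamps, and the burst threshold and window are all assumptions for the sake of the example.

```python
"""Flag applications that crash repeatedly, from Windows Application log
records in Event Viewer's XML shape.  Added example; the sample records,
host and executable names are constructed, not taken from the post."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from xml.etree import ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
APP_CRASH_EVENT_ID = 1000  # "Application Error" provider: application crash

# Constructed record template in the shape of Event Viewer's XML view.
RECORD = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error"/>
    <EventID>{event_id}</EventID>
    <TimeCreated SystemTime="{ts}"/>
    <Channel>Application</Channel>
    <Computer>EXAMPLE-HOST</Computer>
  </System>
  <EventData>
    <Data>{app}</Data>
    <Data>5.0.0.0</Data>
  </EventData>
</Event>"""

# Constructed samples: four crashes of one app within ~1 s, a follow-up
# event that is not a crash, and a single crash of a different app.
SAMPLE_EVENTS = [
    RECORD.format(ts="2020-01-05T03:14:15.1000000Z", event_id=1000, app="EXAMPLE_APP.exe"),
    RECORD.format(ts="2020-01-05T03:14:15.3500000Z", event_id=1000, app="EXAMPLE_APP.exe"),
    RECORD.format(ts="2020-01-05T03:14:15.9000000Z", event_id=1000, app="EXAMPLE_APP.exe"),
    RECORD.format(ts="2020-01-05T03:14:16.2000000Z", event_id=1000, app="EXAMPLE_APP.exe"),
    RECORD.format(ts="2020-01-05T03:14:17.0000000Z", event_id=1001, app="EXAMPLE_APP.exe"),
    RECORD.format(ts="2020-01-05T04:00:00.0000000Z", event_id=1000, app="other.exe"),
]


def parse_time(system_time):
    """Windows writes 100 ns precision (7 fractional digits); strptime's %f
    accepts at most 6, so trim the extra digit before parsing."""
    trimmed = re.sub(r"(\.\d{6})\d+Z$", r"\1Z", system_time)
    return datetime.strptime(trimmed, "%Y-%m-%dT%H:%M:%S.%fZ")


def parse_event(xml_text):
    """Return (timestamp, event_id, faulting_app) for one Event XML record.
    faulting_app is None when the record carries no EventData."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.find("e:EventID", NS).text)
    ts = parse_time(system.find("e:TimeCreated", NS).get("SystemTime"))
    data = root.find("e:EventData", NS)
    fields = [d.text for d in data.findall("e:Data", NS)] if data is not None else []
    return ts, event_id, (fields[0] if fields else None)


def crash_bursts(records, threshold=3, window=timedelta(seconds=60)):
    """Return [(app, window_start, count)] for every application whose crash
    events reach `threshold` inside any `window`-long sliding window."""
    by_app = defaultdict(list)
    for ts, event_id, app in records:
        if event_id == APP_CRASH_EVENT_ID and app:
            by_app[app].append(ts)

    bursts = []
    for app, times in by_app.items():
        times.sort()
        start, best, best_start = 0, 0, None
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the left edge forward
                start += 1
            count = end - start + 1
            if count > best:
                best, best_start = count, times[start]
        if best >= threshold:
            bursts.append((app, best_start, best))
    return bursts


def find_bursts_in_samples():
    """Run the detector over the constructed sample records."""
    return crash_bursts(parse_event(x) for x in SAMPLE_EVENTS)


if __name__ == "__main__":
    for app, started, count in find_bursts_in_samples():
        print(f"{app}: {count} crash events in one window starting {started.isoformat()}")
```

The detector keys on the Event ID and the faulting application field rather than on free-text matching, so the same sliding-window logic applies to any application on the host; the threshold and window are the knobs to tune against how noisy a given service is.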

I am working on notes and details on more to come with Gravwell, including Windows Event Log Forwarding; for now, though, this is a great example of building a data collector and capturing data for review and analysis.

Most importantly, it’s been easy to use; the documentation from Gravwell is solid, and the team has been supportive via social media and the feedback/support requests I’ve submitted. They’ve been responsive, and the quality of the answers has been incredible.