Event Viewer Log File Information

Event Viewer stores event information in three binary log files in the %SYSTEMROOT%\SYSTEM32\CONFIG directory:

• • APPEVENT.EVT—application log
• • SECEVENT.EVT—security log
• • SYSEVENT.EVT—system log

You can access the logs using the Win32 event logging API set. These APIs are documented on the Microsoft Development Library (MSDN) CD. The following functions are available:

• • BackupEventLog
• • ClearEventLog
• • CloseEventLog
• • DeregisterEventSource
• • GetNumberOfEventLogRecords
• • GetOldestEventLogRecord
• • NotifyChangeEventLog
• • OpenBackupEventLog
• • OpenEventLog
• • ReadEventLog
• • RegisterEventSource
• • ReportEvent