  1. When I take an action on the computer, like opening a Word file: in general, what process does the computer go through from the moment I take this action until the action is written as a log in a Notepad file?
  2. I know that log files are stored on the hard disk (C: drive), and from what I know, all logs are written in Notepad files and saved in different folders in different locations on the C: drive. Why aren’t all logs, or at least the different folders, stored under one “big” folder for better organization and more comfortable access?
  3. If log files are never located in the same place on the computer, how can I make sure that every time I use a different Microsoft operating system, I will know where the log files I want to find are stored? I thought about going to Microsoft's Event Viewer, going to Details > XML, and trying to spot which folder stores the logs. But the problem is that most of the time I can’t see the path. For example, I go to Microsoft Office Alerts and find nothing. How can I always find the path to the logs?
  4. If I perform actions, I don’t see them in the Event Viewer. How long does it take for the Event Viewer to synchronize with the logs, and how the hell does this program know where the relevant logs are located on the hard disk?
  5. Do you know a way to boost the speed of synchronization between the Event Viewer, or any other monitoring program, and the log files?
  6. I believe that I can find my user ID and the password for logging in to the computer. Where can I find them, and what happens if I edit or delete them?

That sounds more like application end-to-end monitoring, not really related to specific log and event monitoring. Especially as those are Windows events, nothing I would relate to Graylog in the first place.

I would move it to the Windows category, but I am not convinced that you’ll get lots of answers on this platform. A more Windows-centric community forum will fit better.

