
How to Check the Security Event Log on Windows 10

Windows 10 comes with all the required features for all kinds of users. One such feature is “Event Viewer”, also called “Security Event Viewer”. The security event log contains the events that occur in the system. These logs can also help identify potential issues or security threats. Most users don’t know how to check the logs, especially the “security event logs”.

This guide explains what the “Security Event Logs” are, which elements they contain, and how to check them on Windows 10.

What are Windows “Security Event Logs”?

Microsoft Windows logs the activities in the system, whether they originate from software or hardware. These logs are crucial for system security, as they include the application, security, DNS server, and file relocation logs.

A security log includes the following information:

  • Device Audit Policy
  • Login Attempts
  • Resource Access

The “Device Audit Policy” is a set of instructions determining which activities should be tracked and stored in a device’s security log. It can record login attempts and resource access in the security log. “Login Attempts” track any login activities, while “Resource Access” tracks any attempts to access or modify system resources. By checking the security log for these events, you can detect suspicious activities that may pose security risks and take necessary steps to prevent them.

Elements of Windows Security Event Log

The “Security Event Log” maintains security-related information, including suspicious activities that could harm the system. For example, repeated failed login attempts could indicate a hacking attempt; likewise, unauthorized access to sensitive files could suggest a potential data breach. Reviewing the “Security Event Log” is recommended to identify any suspicious events. Each entry in the Windows Security Log carries the following elements, which help with that review:

  • Date/Time of the Event.
  • A Unique Event ID.
  • The Source From Where the Event was Generated.
  • Event’s Category.
  • User Related to the Event.
  • The System’s Name.
  • A Detailed Description.

How to Check “Security Event Log” on Windows 10?

To check the “Security Event Log” on Windows 10, follow these steps:

Step 1: Open “Event Viewer”

First, press the “Windows + X” shortcut keys and click on “Event Viewer” in the menu.

Step 2: Select “Windows Logs”

From the “Event Viewer” window, click on “Windows Logs” and select “Security” to view the logs.

Step 3: View Security Event Log

Right-click on the event you want to view and click on “Properties”. The new window shows information such as the log path, log size, and the creation, modification, and access times.

Below is an example in which the event is a read operation performed on the stored credentials. More information can be viewed by clicking on the “Event Log Online Help” link.

The “Audit Success” message against the “Keywords” for the event “5379” indicates that the attempt was successful.

The most critical security log events are as follows:

  • Event ID 4624 – Successful logon event.
  • Event ID 4625 – Failed login attempt event.
  • Event ID 4634 – User logoff event.
  • Event ID 4768 – Kerberos authentication ticket was requested.
  • Event ID 4776 – Failed Kerberos authentication attempt.
  • Event ID 4797 – Shows that an attempt was made to operate with additional privileges.
  • Event ID 5140 – An object (network share) was accessed successfully.
  • Event ID 5146 – An object (network share) was changed.
  • Event ID 5156 – A firewall rule was modified.
  • Event ID 5447 – A Windows Filtering Platform filter was changed.
  • Event ID 5677 – A call was made to a privileged service.
  • Event ID 4771 – Kerberos pre-authentication failed.
  • Event ID 5379 – The user performs a read operation on stored credentials in Credential Manager.

Reviewing these events helps assess the security of the system; for example, users can review the failed login attempts, which can help protect their system against unauthorized access.

Conclusion

To check the “Security Event Log” on Windows 10, users must press the “Windows + X” keys and navigate to “Event Viewer => Windows Logs => Security”. The security log contains several elements that can help identify possible system breaches and other threats. This article discussed how to check the “Security Event Log” in Windows 10.

About the author

Talha Saif Malik

Talha is a contributor at Linux Hint with a vision to bring value and do useful things for the world. He loves to read, write and speak about Linux, Data, Computers and Technology.