Windows Log Forensics

In Issue 16 of the free (IN)SECURE magazine, Rob Faber describes the design and various features of the Microsoft Windows event logging services. His article covers both the old log of the NT family of kernels and the redesigned event logging services found in Vista and Windows Server 2008.

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.