Search Event Logs and error codes with Netikus.net System32 - Thu, Jan 10 2019
As IT professionals, we are always troubleshooting something, and typically this involves reviewing the Windows Event Log or an error code. System32 is an easy-to-use website that all IT professionals can use on a daily basis.
Let's take a look at each resource within the System32 website.
Event Log
If you have worked with Windows as an IT professional, you've used the Event Viewer either to troubleshoot or to identify activity on a Windows system. When reviewing event logs, sometimes you come across an ambiguous event ID. This is where System32 comes in handy.
With the Event Log section of System32, you can browse all available events and filter based on your needs. Additionally, you can search directly for the event ID.
For example, every application, service, etc. uses the Windows Registry in some way. When troubleshooting, you may encounter event ID 4660 in the Event Viewer. This ID indicates deletion of an object from the Registry.
The System32 website offers a detailed explanation for each event ID, including the name, fields, applicable operating systems, and an example value. The latter is extremely helpful, especially when you are looking at events with lots of data, as it allows you to skip past unneeded information quickly. If you need more information, there is a direct link to Microsoft's documentation as well.
On top of all this, it also gives you the command to look up the audit policy configuration settings for this event type. Lastly, System32 also provides you with a quick guide on enabling Windows auditing, which is helpful by itself.
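To show what you typically do once you have looked up an event such as 4660 on the site, here is an added PowerShell example (it is not from the article or from Netikus.net). It pulls recent 4660 events from the Security log, resolves the object name by correlating each one with the 4656 handle-request event that shares its HandleId (4660 itself carries only the handle, not the object name), and then runs the audit policy check the article mentions. It assumes an elevated session on a machine where Object Access auditing is enabled.

```powershell
# Added example, not from the article or the System32 site.
# Flatten <EventData><Data Name="...">value</Data> into a hashtable keyed by Name.
function ConvertTo-EventDataHashtable {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

# Last 24 hours of 4660 (object deleted) and 4656 (handle requested) from the Security log.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4660, 4656; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# Index 4656 by HandleId. 4660 does not name the deleted object; the matching 4656 does.
# Handle IDs are reused over time, so treat the correlation as best effort within this window.
$handles = @{}
foreach ($e in ($events | Where-Object Id -eq 4656)) {
    $d = ConvertTo-EventDataHashtable $e
    $handles[$d.HandleId] = $d
}

$events | Where-Object Id -eq 4660 | ForEach-Object {
    $d    = ConvertTo-EventDataHashtable $_
    $open = $handles[$d.HandleId]
    [pscustomobject]@{
        Time       = $_.TimeCreated
        User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
        Process    = $d.ProcessName
        ObjectType = if ($open) { $open.ObjectType } else { '(no matching 4656)' }
        ObjectName = if ($open) { $open.ObjectName } else { '(no matching 4656)' }
    }
} | Format-Table -AutoSize

# The audit-policy lookup the site points you to: Registry object deletions are produced by
# the Object Access > Registry subcategory. "No Auditing" here explains an empty table above.
auditpol /get /subcategory:"Registry"
```

If the table shows only "(no matching 4656)" entries, the Delete access right is not being audited on the objects in question, so only the 4660 tail of the sequence is logged.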
Codes
The Codes section of System32 provides a quick and easy way to look up a "broad range of error codes like your regular Windows errors, Task Scheduler Service, NTSTATUS errors, Windows Internet errors, STOP codes, BSOD errors, just to name a few." This is a great reference, especially if you are looking through log files or the Windows Event Viewer.
Personally, this resource has helped me when I've quickly needed to look up a Windows "privilege" type, and the brief description has jogged my memory.
As a Windows IT pro, you more than likely have dealt with managing Active Directory with PowerShell. If you have used System.DirectoryServices to access Active Directory instead of the Active Directory PowerShell module included when you have Remote Server Administration Tools (RSAT) installed, you have probably seen strange error codes at some point.
System32's Codes section provides a detailed explanation of these error codes under the "Active Directory Access Codes and Rights" category:
Scripts
System32 also offers a great resource for writing scripts that interact with the Windows Event Log. You will find information for the SysAdmin Tools logevent.exe command-line utility, Perl, PowerShell, Python, and Ruby!
This great blog post on Creating your very own event message DLL walks you through creating your own "event message" definition file, which allows you to customize message formatting, output types, and much, much more.
Also, in this section is a PowerShell Basic Commands section with a few beginner tips, which is a nice bonus.
Geo IP Lookup
The last main section I want to talk about is the Geo IP Lookup tool. You'll see your current IP address, and you can also enter a comma-separated list of IP addresses. Geo IP returns the location and country of each IP address. Additionally, Geo IP provides a link to a Google Map and queries the two open-source threat intelligence platforms Cymon.io and ThreatCrowd.
Conclusion
I especially like the details page that gives you the command needed to work with that single event. In the future, I do hope they do this for different languages like PowerShell. Overall, the System32 online database by Netikus.net, the maker of EventSentry, is a great resource whether you need to look up Windows Event IDs, error codes, or IP addresses. System32 has provided a great way to decipher and extrapolate important information from Windows Events into a readable and comprehensive format.