When your machine blue screens, the state of the machine's memory is captured in the dump file. Get a kernel dump for a snapshot of what's in memory.
What are you expecting the Windows Event Logs to tell you? FWIW, it's up to each application to determine what to write to the Windows event log. If the application doesn't support a verbose logging mode, then you can't get any more data out of the Event Logs Cheers Ken From: John Aldrich [mailto:[email protected]] Sent: Saturday, 20 February 2010 2:00 AM To: NT System Admin Issues Subject: RE: log levels Well, what's happening is that our time and attendance software will start to import the punches from the clocks and then it'll blue screen. Some research looking at the mini-dump files suggests that Vipre is the culprit, and I've got logging enabled at the maximum level there, but right now Vipre is disabled at the suggestion of Support. I was hoping I could attack this from both sides - from the Windows side of things and from the Vipre side. Guess I can't turn up the event log levels...wish I could. :( From: KenM [mailto:[email protected]] Sent: Friday, February 19, 2010 9:44 AM To: NT System Admin Issues Subject: Re: log levels "Crashing", is this just an app or is the computer itself crashing. If it is the computer configure it to create a dump file and look at that. If it is a app you can use adplus. On Fri, Feb 19, 2010 at 9:26 AM, John Aldrich <[email protected]<mailto:[email protected]>> wrote: Is there any way to increase the verbosity of the information recorded in the event logs in Windows 2000? I've got a machine that has been crashing intermittently. I *may* have tracked down the culprit, but I'd like to be sure by getting as much info as possible from the event logs. Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
