List every possible Windows Event ID

James Ward-Smith 21 Reputation points
2021-06-04T01:22:14.387+00:00

Hi,

I am currently trying to discover a way to get a listing of every possible Windows Event ID and associated description?

For example I am interested in a listing of every POSSIBLE Windows Event ID for the following in Event Viewer:

  • Active Directory Web Services
  • DFS Replication
  • Directory Service
  • DNS Server

I cannot find a way to do this, and have only been successful in listing events for these categories that have already triggered.

Note: wevtutil gp "Active Directory Web Services" /ge /gm:true does not work.

Kind regards,

James

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,831 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,955 questions
{count} votes

Accepted answer
  1. Vicky Wang 2,731 Reputation points
    2021-06-07T09:44:14.587+00:00

    Hi,
    Thank you for your patience and reply.
    If the information provided by me and the MVP is not helpful to you. I might suggest that you go to Microsoft to open a consulting case.
    A senior engineer may be able to give you a more comprehensive suggestion.
    reference: https://support.microsoft.com/en-in/hub/4343728/support-for-business
    Hope this information can help you
    Best wishes
    Vicky

    1 person found this answer helpful.
    0 comments No comments

7 additional answers

Sort by: Most helpful
  1. Anonymous
    2021-06-04T12:35:10.21+00:00

    Can you reverse engineer the .dll file or .exe file to discover all the Event ID values?

    I'd ask this one over here.
    https://learn.microsoft.com/en-us/answers/topics/c++.html
    https://learn.microsoft.com/en-us/answers/topics/windows-api-general.html

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
    0 comments No comments

  2. Marcus Thompson 5 Reputation points
    2023-03-02T15:36:02.3366667+00:00

    Follow example 7 on the Get-WinEvent page to list the providers for the event log you're interested in.
    (Get-WinEvent -ListLog <Your Event Log>).ProviderNames

    Then, example 9 to get the Event IDs based on the providers you found.
    (Get-WinEvent -ListProvider <Your Provider>).Events | Format-Table Id, Description

    You can also list every Event ID available for all providers on your system doing something like this:

    Get-WinEvent -ListProvider * -Erroraction Silentlycontinue | Select Name -ExpandProperty Events | Format-Table Name, ID, Description

    1 person found this answer helpful.

  3. Anonymous
    2021-06-04T01:34:19.737+00:00

    There used to be a pretty good list on microsoft.com Some can be found here.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
    and here.
    http://www.eventid.net/
    http://www.chicagotech.net/wineventid.htm

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  4. Anonymous
    2021-06-04T01:49:08.693+00:00

    I am really after is a list of all possible Event ID values

    Sounds good, that's a pretty tall order.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.