Similar to the severity levels of syslog messages, Windows Event Logs have their own classification to indicate the severity of an event. There are five Windows Event types, described as follows by Microsoft:
Error
An event that indicates a significant problem such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event is logged.
Warning
An event that’s not necessarily significant but may indicate a possible future problem. For example, when disk space is low, a Warning event is logged. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a Warning event.
Information
An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, it may be appropriate to log an Information event. It’s generally inappropriate for a desktop application to log an event each time it starts.
Success Audit
An event that records an audited security access attempt that’s successful. For example, a user's successful attempt to log on to the system is logged as a Success Audit event.
Failure Audit
An event that records an audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.
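
As an added example (not from Microsoft or the original page), the Python below sorts events exported as XML into the five types above. It assumes the modern event schema, in which Error, Warning and Information appear as Level 2, 3 and 4 and the two audit types appear as bits in the Keywords field; the helper names and the sample records are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Standard keyword bits that carry the audit outcome in the modern event log.
AUDIT_FAILURE = 0x0010000000000000
AUDIT_SUCCESS = 0x0020000000000000
# Level values that correspond to the three non-audit types.
LEVEL_TO_TYPE = {2: "Error", 3: "Warning", 4: "Information"}


def classify(event_xml: str) -> str:
    """Return the event type for one <Event> element in exported XML form."""
    system = ET.fromstring(event_xml).find("e:System", NS)
    if system is None:
        raise ValueError("not a Windows event record: missing <System>")
    keywords = int(system.findtext("e:Keywords", "0x0", NS) or "0x0", 16)
    level = int(system.findtext("e:Level", "0", NS) or "0")
    # Audit events usually have Level 0, so the keyword bits are checked
    # before Level; otherwise they would be miscounted as Information.
    if keywords & AUDIT_FAILURE:
        return "Failure Audit"
    if keywords & AUDIT_SUCCESS:
        return "Success Audit"
    # Assumption: Level 0 without audit bits is treated here as Information.
    if level == 0:
        return "Information"
    return LEVEL_TO_TYPE.get(level, f"Other (level {level})")


def make_event(event_id: int, level: int, keywords: str) -> str:
    """Build a minimal event record (hypothetical helper for the samples)."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Level>{level}</Level><Keywords>{keywords}</Keywords>'
            f'</System></Event>')


# Constructed sample records, one per event type.
SAMPLES = [
    make_event(7000, 2, "0x8080000000000000"),
    make_event(2013, 3, "0x8080000000000000"),
    make_event(6005, 4, "0x8080000000000000"),
    make_event(4624, 0, "0x8020000000000000"),
    make_event(4625, 0, "0x8010000000000000"),
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(classify(record))
```

Levels outside the five types, such as 1 (Critical) and 5 (Verbose), are reported as "Other" rather than forced into one of the categories.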