question

BillWEvans-4394 avatar image
0 Votes"
BillWEvans-4394 asked ·

Event Logs associated with Static Route Creation

So I had a system that had a static route that was added to the system that caused some networking issues. I was looking for the event ID associated with that, Couldn't find anything. Is there an event log generated when you add a route to the system and what is that event ID?

windows-platform-network
· 4
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image SunnyQi-MSFT ·

This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.

0 Votes 0 ·
GaryNebbett avatar image GaryNebbett ·

Hello @BillWEvans-4394,

IP route modifications are not logged by default. They can be logged, but the amount of data recorded once logging is enabled is large and might have a performance impact. Logging can be enabled by checking "Show Analytic and Debug Logs" in the Event Viewer "View" menu and then navigating to "Applications and Services Logs -> Microsoft -> Windows -> TCPIP -> Diagnostic" and then enabling that log.

It is perhaps better to tap into the same event mechanism using tools intended for diagnosing problems, such as Windows Performance Recorder (WPR), "netsh trace", logman, the PowerShell EventTracingManagement or NetEventPacketCapture modules, etc. - if the problem is reproducible or recurring.

Gary

0 Votes 0 ·
SunnyQi-MSFT avatar image SunnyQi-MSFT ·

Hi,

Just checking in to see if the information provided was helpful.

If yes, you may accept useful reply as answer, if not, welcome to feedback.

Best Regards,
Sunny

0 Votes 0 ·
SunnyQi-MSFT avatar image SunnyQi-MSFT ·

Hi,

Just checking in to see if the information provided was helpful.

If yes, you may accept useful reply as answer, if not, welcome to feedback.

Best Regards,
Sunny

0 Votes 0 ·

1 Answer

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered ·

Hi,

Thanks for posting in Q&A platform.

Based on my research and test in my lab, unfortunately, there is no such specific event log in Event viewer, windows does not write an event to the event log when the routing table changes.

Best Regards,
Sunny

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.