Is there an exhaustive list of what Windows logs or can log?

Solution 1:

%WINDIR%\System32\config or %WINDIR%\System32\winevt\Logs
Contain most of the event logs accessible from the Event Viewer.
%WINDIR%\Logs
Contains a lot of textual log files.

%WINDIR\Temp\*.log
Contains information about MSI installations as well as for Windows Defender starting / scanning.
%AppData%\Local\Temp\*.log
Contains information about MSI installations ran in the context of the current user.

%AppData%\Local\Microsoft\Websetup (Windows 8)
Contains details about the web setup phase of Windows 8.
%AppData%\setupapi.log (Windows XP and earlier)
Contains information about device and driver changes and important system changes, like installation of service packs and hotfixes.
%SYSTEMROOT%\$Windows.~BT\Sources\Panther\*.log,xml
Contains information about setup actions, errors, structure, SIDs and early setup devices. When the installation is rolled back, these files will contain rollback information.
%WINDIR%\PANTHER\*.log,xml
Contains information about setup actions, errors, structure, SIDs and later setup devices.
%WINDIR%\INF\setupapi.dev.log
Contains information about Plug and Play devices and driver installations.
%WINDIR%\INF\setupapi.app.log
Contains information about the installations of applications.
%WINDIR%\Performance\Winsat\winsat.log
Contains performance test results.

To enable logging of the Windows Time Service:

w32tm /debug /enable /file:"C:\time-service.log" /entries:1000 /size:10485760

To disable logging of the Windows Time Service run:
```
w32tm /debug /disable
```

%WINDIR%\WindowsUpdate.log
Contains all events related to Windows Update
%WINDIR%\SoftwareDistribution\ReportingEvents.log
Contains events related to software update status reports.

%WINDIR%\Logs\DISM\dism.log
Contains information about events that happen when interacting with the Windows image.

%WINDIR%\Logs\CBS\CBS.log
Contains information about events that happen when interacting with Windows components and features.