Guy Recommends
A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network.
Download FREE
trial
Guy's Top 10 Free Tools
1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) IP SLA Monitor
6) BgInfo
7) Net-SNMP
8) Engineer's Toolset
9) Exchange Monitor
10) WinDiff
Windows Vista - Event Viewer Improvements
Windows Vista Event - Viewer Improvements
I urge you to give the Vista Event Viewer a chance to impress. Make a resolution to visit the interface at least once a week. Then should disaster strike, your experience will give you a baseline of what a healthy machine looks like. Moreover, any exceptions will stand out and you will know how to drill down and find the crucial troubleshooting information.
Windows Vista - Event Viewer Topics
- Reasons to Master the Event Viewer
- Launching the Vista Event Viewer
- New Event Logs in Vista
- Specific Tasks for New Event Viewer
- Get Into Good Habits
Reasons to Master the Vista Event Viewer
Microsoft has improved the Event Viewer, as a result in Vista there is now a console with three resizable window panes. The benefit of the new design makes it is easier to:
- To solve a specific Vista problem
- To discover why a machine is performing slowly
- To prevent nuisances developing into disasters
♦
Launching the Vista Event Viewer
To get started, click on the Vista Start button, then in the 'Start Search' box type just three letters: eve. Observe how the larger dialog box displays: 'Programs' and underneath: 'Event Viewer'. Click on 'Event Viewer'.
Alternatively, you could type the full word 'event viewer in the Start Search dialog box and then press enter. In Vista there are still two or even three ways of performing most tasks.
As with so many Vista features, Microsoft have improved the Event Viewer compared with its XP predecessor. What particularly impressed me was the slick organization of the vast amount of troubleshooting data. Everywhere you look, from the 3 pane layout, to the categories in Applications and Services Logs, it's obvious that Microsoft have invested considerable effort in researching what people want and then delivering the information to troubleshoot specific Vista events.
New Event Logs in Vista
Vista has added two new logs to the Event Viewer: Setup and Forwarded Events. To find these menu items, look in the left hand pane underneath 'Windows logs', in amongst the familiar: Application, Security and System logs are the two new logs, Setup and Forwarded Events.
When you add new programs, the Setup log records events relating to the installation of each new application. The Forward Events log contains event ids from other computers. You can specify which events to collect via the Event Subscription menu (see above screen shot at the bottom of the menu in the left pane)
Application and
Service Logs
There are also yet more logs, in fact there is a whole new world under 'Application and Service Logs'.
In this section each application or service can have up to four
sub-categories of logs.
Admin: Printers give more than their share of problems, make sure you look in the corresponding Admin log if your printer is not working properly.
Operational: Like the Admin logs, the operational logs are also useful for discovering what happened to faulty print devices, for example, why has a printer disappeared from the network.
Analytical: To turn on the Analytical (and the Debug) log, focus on the right hand pane, Actions menu, from there click on the word 'View' and a tick the box: Show Analytical and Debug Logs. (See screen shots to the right.)
Debug: This log is designed for experienced troubleshooters and developers who are trying to debug a particular problem. Logging in itself causes a load on the processor consequently these intensive logs are disabled by default. Another reason is that ordinary users maybe confused rather than helped by their output.
Guy Recommends: The Orion Network Performance Monitor (NPM) 9.5
Solarwinds' Orion performance monitor is designed for detecting network outages. This NPM will guide you through troubleshooting by indicating whether the root cause is a broken link, faulty equipment or resource overload. Because it produces network-centric views, it is intuitive to navigate, and as result you can see easily what's working and what's not.
Perhaps Orion's best feature is the way it suggests solutions. Moreover, if problems arise out of the blue, then you can configure Orion NPM 9.5 to notify members of your team what's changed and how to fix it.
If you are interested in testing a professional performance monitor on your network, then I recommend that you take advantage of Solarwinds' offer of a download a free trial of Orion's Network Performance Monitor.
Specific New Event Viewer Tasks
My aim in this section is to give you specific examples of what you can achieve with the new Vista Event Viewer.
1) Save crucial event filters as custom views that you can reuse
I recommend that you create views of events across multiple logs, for example create a Custom View of all events containing 'Event Sources: Disk' in either the System or the Application log.
Incidentally, custom views for events reinforces techniques you may have learnt in the new Vista Explorer Searches, both create virtual folders of just the filtered information that you need. Also both use XML to organize their data.
2) Schedule a task to run in response to an event - Integration with Scheduler
a) In the console tree, navigate to the log that contains the event you want to associate with a task.
b) Right-click the
event and select Attach Task to This Event.
c) Perform each step presented by the Create Basic Task Wizard.
3) Create and manage event Subscriptions
The top level tasks are:
a)
Configure the computers to collect and forward events. (See WecUtil and WinRm below)
b) Create a new Subscription and specify the query to collect the events. (Event Viewer, left window pane, last
item.)
WecUtil and WinRm
Our mission is to enable event Subscription on at least two machines. On both Vista computers launch a cmd prompt, remember to request elevated, Administrator privileges. Therefore, before you start, right-click cmd and select, Run as Administrator from the short-cut menu. At the command prompt type:
WinRm quickconfig
y (Enable the WinRm firewall exception)
Note: if you get an Access denied message, see elevated privileges above.
On the computer which is collecting the events also type at the command prompt:
wecutil
qc
y (Yes you want it to
start)
Get into good habits
In my opinion, the biggest problem with previous Windows event viewers is that when the computer did not do what they want, people, including me, forgot to search the logs for clues. The bottom line was that XP's event viewer was not sufficiently eye-catching, interesting or useful to hold a troubleshooter's attention. Vista rectifies this fault by developing the event viewer into a console, where it's easy and enjoyable to discover what is, or is not, going on under the covers of your Vista machine.
As a bonus, by regularly visiting the Event View, you will be alert to problems before they become critical. For example; disk bad sectors may start in harmless areas, with vigilance, you could take action before critical boot sectors are affected.
Windows Vista Training
Train
Signal have an excellent
Windows Vista Training Course. As an MCT
trainer, I am a huge advocate of Train Signal’s products. What impresses is me is that they demonstrate everything that they teach and they stay away from traditional 'lecture-style' training. If
you are looking for a complete DETAILED coverage of Windows Vista, then I highly recommend that you give this course a try. I have reviewed their 18 hours of videos myself, and I guarantee that you will
not be disappointed!
Watch a Vista Training Video Demo.
Windows Vista Troubleshooting:
*
|
|
Guy
Recommends the Free IP SLA Monitor
|
|
Home Copyright © 1999-2010 Computer Performance LTD All rights reserved Please report a broken link, or an error. | |
