Computer Performance, Microsoft Windows Vista

 
Custom Search

Guy's Review of Computer Tools

 1) Belarc Advisor
 2) Network Perf Mon
 3) Freeping
 4) PuTTY
 5) Bandwidth Analyzer
 6) Secunia
 7) Net-SNMP
 8) Permission Analyzer
 9) DNS Stuff
10) WinDiff's Compare

Windows Vista - Event Viewer Improvements

Windows Vista Event - Viewer ImprovementsWindows Vista Event Viewer

I urge you to give the Vista Event Viewer a chance to impress.  Make a resolution to visit the interface at least once a week.  Then should disaster strike, your experience will give you a baseline of what a healthy machine looks like.  Moreover, any exceptions will stand out and you will know how to drill down and find the crucial troubleshooting information.

Windows Vista - Event Viewer Topics

Reasons to Master the Vista Event Viewer

Microsoft has improved the Event Viewer, as a result in Vista there is now a console with three resizable window panes.  The benefit of the new design makes it is easier to:

  • To solve a specific Vista problem
  • To discover why a machine is performing slowly
  • To prevent nuisances developing into disasters

 ♦

Launching the Vista Event Viewer

To get started, click on the Vista Start button, then in the 'Start Search' box type just three letters: eve.  Observe how the larger dialog box displays: 'Programs' and underneath: 'Event Viewer'.  Click on 'Event Viewer'.

Launch Vista Event Viewer

Alternatively, you could type the full word 'event viewer in the Start Search dialog box and then press enter.  In Vista there are still two or even three ways of performing most tasks.

Windows Vista Event Viewer Improvements

As with so many Vista features, Microsoft has improved the Event Viewer compared with its XP predecessor.  What particularly impressed me was the slick organization of the vast amount of troubleshooting data.  Everywhere you look, from the 3 pane layout, to the categories in Applications and Services Logs, it's obvious that Microsoft has invested considerable effort in researching what people want and then delivering the information to troubleshoot specific Vista events.

New Event Logs in Vista

Vista has added two new logs to the Event Viewer: Setup and Forwarded Events.  To find these menu items, look in the left hand pane underneath 'Windows logs', in amongst the familiar: Application, Security and System logs are the two new logs, Setup and Forwarded Events.

When you add new programs, the Setup log records events relating to the installation of each new application.  The Forward Events log contains event ids from other computers.  You can specify which events to collect via the Event Subscription menu (see above screen shot at the bottom of the menu in the left pane)

Application and Service Logs

®

There are also yet more logs, in fact there is a whole new world under 'Application and Service Logs'.

Applications and Services Logs

In this section each application or service can have up to four sub-categories of logs.Windows Vista - Event Viewer Custom Views

Admin: Printers give more than their share of problems, make sure you look in the corresponding Admin log if your printer is not working properly.

Operational: Like the Admin logs, the operational logs are also useful for discovering what happened to faulty print devices, for example, why has a printer disappeared from the network.

Analytical: To turn on the Analytical (and the Debug) log, focus on the right hand pane, Actions menu, from there click on the word 'View' and a tick the box: Show Analytical and Debug Logs.  (See screen shots to the right.)Windows Vista Show Analytic and Debug Logs

Debug:  This log is designed for experienced troubleshooters and developers who are trying to debug a particular problem.  Logging in itself causes a load on the processor consequently these intensive logs are disabled by default.  Another reason is that ordinary users maybe confused rather than helped by their output.

Guy Recommends:  SolarWinds' Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches - give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Specific New Event Viewer Tasks

My aim in this section is to give you specific examples of what you can achieve with the new Vista Event Viewer.

1) Save crucial event filters as custom views that you can reuse

I recommend that you create views of events across multiple logs, for example create a Custom View of all events containing 'Event Sources: Disk' in either the System or the Application log.

Incidentally, custom views for events reinforces techniques you may have learnt in the new Vista Explorer Searches, both create virtual folders of just the filtered information that you need.  Also both use XML to organize their data.

2) Schedule a task to run in response to an event - Integration with Scheduler

a) In the console tree, navigate to the log that contains the event you want to associate with a task.
b) Right-click the event and select Attach Task to This Event.
c) Perform each step presented by the Create Basic Task Wizard.

3) Create and manage event Subscriptions

The top level tasks are:
a) Configure the computers to collect and forward events.  (See WecUtil and WinRm below)
b) Create a new Subscription and specify the query to collect the events.  (Event Viewer, left window pane, last item.)

WecUtil and WinRm

Our mission is to enable event Subscription on at least two machines.  On both Vista computers launch a cmd prompt, remember to request elevated, Administrator privileges.  Therefore, before you start, right-click cmd and select, Run as Administrator from the short-cut menu.  At the command prompt type:

WinRm quickconfig
y (Enable the WinRm firewall exception)

Note: if you get an Access denied message, see elevated privileges above.

On the computer which is collecting the events also type at the command prompt:

wecutil qc
y (Yes you want it to start)

Get Into Good Habits

In my opinion, the biggest problem with previous Windows event viewers is that when the computer did not do what they want, people, including me, forgot to search the logs for clues.  The bottom line was that XP's event viewer was not sufficiently eye-catching, interesting or useful to hold a troubleshooter's attention.  Vista rectifies this fault by developing the event viewer into a console, where it's easy and enjoyable to discover what is, or is not, going on under the covers of your Vista machine.

As a bonus, by regularly visiting the Event View, you will be alert to problems before they become critical.  For example; disk bad sectors may start in harmless areas, with vigilance, you could take action before critical boot sectors are affected.

An Alternative to the Event Viewer: PowerShell Get-Eventlog

Here is a simple PowerShell script to list all the event logs:

# PowerShell script to enumerate the event logs.
Get-Eventlog -list

Learning Points

Note 1a:  -list is correct, please note that you really do need that dash to precede a PowerShell parameter.

Note 1b: What I find is that PowerShell helps you discover more about the Event Viewer, and interrogating these logs is a great reason to learn PowerShell.

See more on PowerShell Eventlog scripts.

 

If you like this page then please share it with your friends

 

Windows Vista Troubleshooting:

Other Sections

 *

Custom Search

Site Home

Guy Recommends: SolarWinds' NPM - Review of Orion NPM
Network Performance Monitor

SolarWinds' performance monitor is designed for detecting network outages, making it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps; it also helps identifying whether the root cause is faulty equipment, or resource overload. Give NPM a try.

Download a free trial of Network Performance Monitor

Article by: Guy Thomas Copyright © 1999-2017 Computer Performance LTD All rights reserved.

Please report any broken link, or an error to: