Event Viewer and Logs

Guy’s Litmus Test: How many errors do you see in your Event Logs?

Best Practice (Litmus Test)

Professionals have very few errors in the Event Logs

Amateurs see lots of red dots in their Event Viewer

Event Viewer and Logs

Where NT 4.0 had three event logs, Windows 2000 domain controllers had six event logs and Server 2003 even more.  Lots of red dots in the event logs shout to me – ‘Amateurs in charge’. On the other had few red dots, and regular archives it whispers quietly: – ‘Professionals work here’.  While you are in the Event Viewer, remember to check the Application log as well as the System Log, especially if you are running Exchange or SQL.

Increase the log size from the default of 512K to about 4MB.

Use the filter in event viewer; ‘Filter’ is hidden away under the View menu.

Employ VBScripts or PowerShell cmdlets to help you monitor the logs.

Logon Error

Here is a severe problem with the CP domain – no logon servers available.  Investigation revealed that CP domain controllers were offline.

Challenge: Check the Event Logs DAILY

• Checking each log will give youa chance to practice troubleshooting skills
• Mastering the Event Viewer gives you a feel of the pulse of your server.
• Eliminating Errors will prevent problems on your network.  For example, the log tells you that the mail service has stopped, so yourestart it before users notice that there is no e-mail.
• See more troubleshooting eventlogs.

You are always allowed to ask for a bonus!

I dare you to ask your boss for a bonus based on how many red dots (Errors) there are in the logs.  This is the system that my mate ‘mad’ Mick negotiated.  He starts with $100 a quarter per server, if there are no errors he gets the $100 but for each error he loses $1.  Blue (Information) and yellow (warning) messages do not count. After a shaky start where he owed the company $574, he now pockets a nice bonus and has learnt a great deal in the process. 

See more on Event IDs

Guy Recommends:  SolarWinds’ Log & Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

 Windows 8 Event Viewer

The biggest change Microsoft made to the Event Viewer came between XP and Vista with the introduction of the three pane interface.  Windows 7, and now Windows 8 have merely refined the interface and extended the range of logs that you can interrogate.

Observe the 3 panes: Log List | Event Viewer | Actions

Litmus Tests

Guy’s Litmus test is a concept that you can apply anywhere.  Each test gives you an instant answer to the simple question:-  ‘Are you dealing with a professional, or are they an amateur?   Is this the real deal, or is it a turkey?’   The Litmus Test concept is rather like Best Practice, but it reduces a 27 page report to one sentence. 

Try another of my Litmus tests »

Learn about Windows 8 and Active Directory

• Windows 8 New Features   • Windows 8 Remote Desktop   •Windows 8 Install and Boot

• Windows 8 Performance  •Windows 8 Overview  •Permissions

• Organization Units Litmus Test  • Universal Groups  •Permissions Analyzer