There are yet more logs: a whole new world opens up under ‘Applications and Services Logs’.
In this section each application or service can have up to four types of log:
Admin: Admin logs hold events aimed at administrators, each describing a problem with a well-defined fix. Printers give more than their share of problems, so if a printer is misbehaving, look in its Admin log first.
Operational: Like the Admin logs, the Operational logs record what happened to a device or service, and are useful for discovering, for example, why a printer has disappeared from the network.
Analytic: The Analytic (and Debug) logs are hidden by default. To display them, focus on the right-hand Actions pane, click View, and tick ‘Show Analytic and Debug Logs’ (see the screen shots to the right). Showing a log is not the same as enabling it: once it is visible, right-click the log and select Enable Log, otherwise it records nothing.
Debug: This log is designed for experienced troubleshooters and developers who are chasing a particular problem. Logging itself loads the processor, which is one reason these verbose logs are disabled by default; another is that their output is more likely to confuse ordinary users than to help them.
Guy Recommends: SolarWinds’ Log & Event Management Tool
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a malware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.
Download your FREE trial of SolarWinds Log & Event Management tool.
My aim in this section is to give you specific examples of what you can achieve with the new Vista Event Viewer.
1) Save crucial event filters as custom views that you can reuse
I recommend creating views that span multiple logs; for example, create a Custom View of all events with Event Source ‘Disk’ in either the System or the Application log.
Incidentally, custom views reinforce techniques you may have learnt from the new Vista Explorer searches: both create virtual folders holding just the filtered information you need, and both use XML to store their queries.
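The query a Custom View stores in its XML tab can be run directly from PowerShell, which is a quick way to test a filter before saving it as a view. The following is an added example, not code from the original page; it assumes the event source is named ‘disk’ as it appears in the System log, and it goes slightly beyond the text by restricting the view to Critical and Error events from the last seven days. The same QueryList can be pasted into the XML tab of the Create Custom View dialog (tick ‘Edit query manually’).

```powershell
# Added example (not from the original page): run a cross-log Custom View query
# from PowerShell with Get-WinEvent. Assumptions: provider name 'disk' (check
# the Source column of an existing disk event if yours differs).
# Level 1 = Critical, Level 2 = Error; timediff() is in milliseconds, so
# 604800000 ms = 7 days.
$query = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">
      *[System[Provider[@Name='disk'] and (Level=1 or Level=2)
        and TimeCreated[timediff(@SystemTime) &lt;= 604800000]]]
    </Select>
    <Select Path="Application">
      *[System[Provider[@Name='disk'] and (Level=1 or Level=2)
        and TimeCreated[timediff(@SystemTime) &lt;= 604800000]]]
    </Select>
  </Query>
</QueryList>
"@

# Get-WinEvent reports "no events found" as an error rather than an empty
# result, so suppress that and test the variable instead.
$events = Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue

if (-not $events) {
    "No Critical/Error events from source 'disk' in System or Application during the last 7 days."
} else {
    $events |
        Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
        Format-Table -AutoSize -Wrap
}
```

Note that `<=` must be written as `&lt;=` inside the XML; Event Viewer does the same escaping when you look at a Custom View’s XML tab.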
2) Schedule a task to run in response to an event – Integration with Scheduler
a) In the console tree, navigate to the log that contains the event you want to associate with a task.
b) Right-click the event and select Attach Task to This Event.
c) Perform each step presented by the Create Basic Task Wizard.
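The wizard above writes an event trigger into Task Scheduler; the same trigger can be created from the command line with schtasks, which makes the response scriptable and easy to reproduce on other machines. The following is an added example, not code from the original page. It assumes the trigger is a ‘disk’ source error in the System log and that the response script lives at C:\Admin\Scripts\DiskAlert.ps1 (a hypothetical path); event IDs 7, 11 and 51 are the disk driver’s bad-block, controller-error and paging-error events.

```powershell
# Added example (not from the original page): attach a scheduled task to an
# event from the command line. Assumptions: 'disk' source events 7, 11 and 51
# in the System log, response script at a hypothetical admin-only path.
$taskName   = 'Respond to disk errors'
$scriptPath = 'C:\Admin\Scripts\DiskAlert.ps1'

# The trigger query uses the same XPath syntax as a Custom View.
$filter = "*[System[Provider[@Name='disk'] and (EventID=7 or EventID=11 or EventID=51)]]"

# /SC ONEVENT with /EC (event channel) and /MO (query) expresses an event trigger.
# /RU SYSTEM runs the action with full privileges, so the script directory must
# be writable only by administrators; otherwise any local user could replace the
# script and have SYSTEM run their code.
schtasks.exe /Create /F /TN $taskName /SC ONEVENT /EC System /MO $filter /RU SYSTEM `
    /TR "powershell.exe -NonInteractive -File $scriptPath"

# Confirm the trigger registered as expected.
schtasks.exe /Query /TN $taskName /V /FO LIST

# Check who can write to the script directory; only administrative identities
# should appear in this list.
(Get-Acl (Split-Path $scriptPath)).Access |
    Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
    Select-Object IdentityReference, FileSystemRights
```

The task runs under whatever PowerShell execution policy is in force on the machine, so sign the script or set the policy explicitly rather than relying on a default you have not checked.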
3) Create and manage event Subscriptions
The top level tasks are:
a) Configure the computers to collect and forward events. (See WecUtil and WinRm below)
b) Create a new Subscription and specify the query to collect the events. (Event Viewer, left window pane, last item.)
WecUtil and WinRm
Our mission is to enable event subscriptions on at least two machines. On both Vista computers launch a cmd prompt with elevated, Administrator privileges: right-click cmd and select Run as Administrator from the shortcut menu. At the command prompt type:
winrm quickconfig
Answer y when prompted (this starts the WinRM service, creates its listener and enables the WinRM firewall exception).
Note: if you get an Access denied message, see elevated privileges above.
On the computer which is collecting the events also type at the command prompt:
wecutil qc
Answer y when asked whether to start the Windows Event Collector service (quick-config also sets the service to start with Windows and enables the ForwardedEvents log).
In my opinion, the biggest problem with previous Windows event viewers is that when the computer did not do what they wanted, people, including me, forgot to search the logs for clues. The bottom line was that XP’s event viewer was not sufficiently eye-catching, interesting or useful to hold a troubleshooter’s attention. Vista rectifies this fault by developing the event viewer into a console, where it’s easy and enjoyable to discover what is, or is not, going on under the covers of your Vista machine.
As a bonus, by regularly visiting the Event Viewer you will be alerted to problems before they become critical. For example, bad sectors may start in harmless areas of the disk; with vigilance, you could take action before the boot sectors are affected.
An Alternative to the Event Viewer: PowerShell Get-EventLog
Here is a simple PowerShell command to list all the event logs:
# PowerShell command to enumerate the event logs.
Get-EventLog -List
Note 1a: -List is correct; you really do need that dash before a PowerShell parameter.
Note 1b: What I find is that PowerShell helps you discover more about the Event Viewer, and interrogating these logs is a great reason to learn PowerShell.
See more on PowerShell Eventlog scripts.