Thursday, July 10, 2008

Working with Server 2008 Event Viewer

A huge number of things are happening at any one time on a server: Users are logging in and accessing files, drives are spinning away, and processors are trying to make sense of it all. Each of these instances is considered an event. Being able to monitor these events and use them to interpret the health of your servers is an important aspect of administering a Windows Server 2008 network.

As its name suggests, the Event Viewer is used to view events. Although it is more of a passive tool (it doesn't supply you with the real-time data that you see in the Performance Monitor), it does give you access to a great deal of information.

You can view the events related to a particular role by selecting that role node in the Server Manager. For example, you can view the events related to file services on a file server by clicking the File Services node in the Server Manager node tree.

Although the Server Manager provides quick access to events related to a role, let's take a closer look at the Event Viewer, which can be opened as a separate snap-in. The Event Viewer accumulates events in a number of log files and can help you monitor hardware, application, service, and security issues.

The Event Viewer (Start, Administrative Tools, Event Viewer) provides two main categories of logs: Windows logs and Applications and Services logs. The Windows logs include the following:

• Application log— This log records events about the various applications running on the system. The developer typically presets these events in the software. The application log also records alerts configured in the System Monitor.

• Security log— This log records events related to the audit policies that you configure in Group Policy (see "Deploying Group Policy and Network Access Protection"), such as the auditing of file access or the logon of a particular user or group of users. This log also tracks events related to resource use (such as files) on the network shares.

• Setup log— This log records events related to application installation and setup. This includes events regarding the adding or removal of server roles, information events when a role is added successfully, and warning events when a restart is necessary to finalize the addition of a role.

• System log— This log provides log entries based on a number of Windows Server 2008 presets. This includes information on things such as driver failures and services that fail to load. Anything to do with services or system resources can show up in this log.

A new set of logs, the Applications and Services logs, provides event logging for individual applications and server components. The default Applications and Services logs include Hardware Events (events related to hardware installation and failure), Internet Explorer (Internet Explorer–specific events), and Key Management Service (which is related to the use of encryption keys when sending and receiving data to other computers on the network). Other logs available in this category depend on the software and roles installed on the server.

A system of icons is used to classify the type of event that has been recorded in a particular event log. In the System log and the Application log, you can find the following event categories (each represented by a different icon in the Event Viewer):

• The Information icon— Denotes the logging of successful system events and other processes

• The Warning icon— Shows a noncritical error on the system

• The Error icon— Indicates the failure of a major function (such as a driver failure)

To view a specific log in the Event Viewer, select the log's node in the node tree. The events recorded in that log appear in the Details pane.

Two additional icons are found in the Security log:

• The Success Audit icon— Shows that a security access event was successful (such as the access of a certain folder or file on the network)

• The Failure Audit icon— Shows that an audited security event failed (such as the failure of a user logon)
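The same event categories can be pulled from the command line for review. The script below is an added example, not part of the original article or the book it cites: it summarizes Error and Warning events from the System log and Failure Audit events from the Security log. It assumes PowerShell 2.0 or later (for `Get-WinEvent`) and an elevated session; the 24-hour window and the variable names are constructed for illustration.

```powershell
# Added example. Assumes PowerShell 2.0+ and an elevated (administrator)
# session, because reading the Security log requires administrative rights.
$since = (Get-Date).AddHours(-24)   # constructed look-back window

# Numeric levels behind the icons: 2 = Error, 3 = Warning, 4 = Information.
$systemProblems = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue     # no matches raises an error; treat as empty

"System log: Error and Warning events since $since"
$systemProblems |
    Group-Object ProviderName, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# Security log entries are classified by keyword rather than by level:
# Audit Failure = 0x10000000000000, Audit Success = 0x20000000000000.
$auditFailure = 4503599627370496    # 0x10000000000000

$failedAudits = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $auditFailure
    StartTime = $since
} -ErrorAction SilentlyContinue

"Security log: Failure Audit events since $since"
$failedAudits |
    Group-Object Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        # Show the newest event of each ID, first line of its message only.
        $latest = $_.Group | Sort-Object TimeCreated -Descending |
                  Select-Object -First 1
        New-Object PSObject -Property @{
            Count    = $_.Count
            EventId  = $_.Name
            LastSeen = $latest.TimeCreated
            Summary  = ($latest.Message -split "`r?`n")[0]
        }
    } |
    Format-Table Count, EventId, LastSeen, Summary -AutoSize
```

A sudden rise in the Failure Audit count for a single event ID is a useful prompt to open those events in the Event Viewer and read their full properties.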

To view the properties of a particular event in a log, double-click on the event's icon in the Details pane. For example, you may want to see the details related to an Error event logged in the System log.

Microsoft now provides event-specific help for logged events. For more information on a logged event, click the Event Log Online Help link in the event's Properties dialog box. You are informed that the Event Viewer will send the information related to the event over the Internet. Click Yes to continue.

Internet Explorer opens and provides additional information on the event. This information includes an explanation of the event and possible actions to be taken to remedy the problem related to the event.

Source of Information : Sams Teach Yourself Windows Server 2008 in 24 Hours
