'How To' Series (Part 2): Event Viewers

By ServerWatch Staff
Posted Sep 10, 2001


Christopher Rice

          The next in my series of introductory looks into administrating Windows 2000 is a look into the Event viewers, all three of them.

          First, it is important that you know how to browse to the Event Viewer.  As with all of the major tools that an Admin will use, it can be located under the Administrative Tools icon in the Control Panel.

          When you click "Event Viewers", you will see the following MMC:

          From here, you can choose which of these event logs you would like to view.  This will depend on what type of server you are troubleshooting and what reported problems you are dealing with.

          For instance, if you were having problems with outside sources hacking into your environment and making changes to your web servers, you would check the Security Event log.  If you are having problems where your server is randomly going down on a daily basis, when the load on that manager is low, then you should check the System Event log.  If you are having problems with some combination of software running concurrently on the server, then you would check the Application Event log.

          In most cases, if you are just having "problems" working with a server, such as slow resolution or services dying, you would look at a combination of the System and the Application Event logs.  

          It also makes sense when dealing with vague issues like that to combine the Event logs with some performance monitor data.  To learn more about the performance monitor, go to the following link:

http://www.serverwatch.com/tutorials/article.php/2178431

          So, back to the Event logs....

          When you select which of the logs you would like to view, the right side of the screen will likely be filled with intimidating information that will look like the following:

          And this is from a machine that is functioning pretty well.

          It is important not to overreact at this point and to remember to do two things: check the times and keep thinking.  First, at what time are you experiencing problems?  Which messages in the log correspond to that time?
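
The time check described above can also be scripted. The following is an added example, not part of the original article: it assumes a current Windows system with PowerShell's `Get-WinEvent` cmdlet (which did not exist on Windows 2000), and the function name `Get-EventsAroundTime`, its parameters and the sample date are hypothetical.

```powershell
# Added example: list warnings and errors logged around the time a problem was reported.
function Get-EventsAroundTime {
    param(
        [Parameter(Mandatory)] [datetime] $ProblemTime,    # when the problem was noticed
        [int] $WindowMinutes = 15,                         # minutes to look before and after
        [string[]] $LogName = @('System', 'Application'),  # the two logs the article suggests combining
        [string] $ComputerName = 'localhost'               # name of a remote server, if any
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3    # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $ProblemTime.AddMinutes(-$WindowMinutes)
        EndTime   = $ProblemTime.AddMinutes($WindowMinutes)
    }

    # Get-WinEvent raises an error when no event matches the filter.
    # SilentlyContinue turns that into an empty result; note that it also
    # hides access-denied errors, so run this from an elevated session.
    Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
            @{ Name = 'Summary'; Expression = { ("$($_.Message)" -split "`r?`n")[0] } }
}

# Constructed usage: a server reported down at 02:10 on a made-up date.
Get-EventsAroundTime -ProblemTime '2024-03-05 02:10' -WindowMinutes 20 |
    Format-Table -AutoSize -Wrap
```

Sorting both logs into one timeline makes it easier to see whether a System event (for example a driver failure) came before or after the Application errors reported in the same window.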

          If you would like to get more information regarding one of these messages, simply double click on it and you will get the following:

          You can often get enough information here to determine what the next step is.  You might find a bad driver here, one that continually fails with no explanation.  If you are looking at the Application log, you might see that SQL is taking up too much memory and causing other services to croak.

          Usually, the data that you will find in these logs will lead you to the problem, but you will have to think through the correct solution.  For instance, if you have a drive that is getting pounded, don't just replace it -- think through getting a dual processor that can handle some more hits.

          As an administrator, you will often have to think outside of the box and consider the future and expansion, patches and backups, and software that does not play nice.  These kinds of things will save you in the long run and will keep you off the phone on the weekends.

          If you are troubleshooting a remote server, it is possible to log into that server with PC Anywhere, Remote Desktop or SMS, but with this tool you can save off the log from a remote machine and then open it on your machine.

          To view the log, you will need to get it into the Event viewer by right clicking on whichever type of log it is (system, app, etc.) and selecting "open log".  You will then be able to browse to the log from the remote machine and import it.

          Troubleshooting from these types of logs will help you immensely.  You will begin to understand the actual functionality of the machine that you are troubleshooting.  At first, being a Server Administrator can be rather daunting but, with the right tools, it can become rather routine.

          There is nothing like figuring something out that nobody else can.  Being able to understand these logs will help you get to that point.

          Please e-mail me with some more ideas about administrative pieces of Windows 2000 that you would like described in better detail.
