ServersHow To' Series (Part 2): Event Viewers

How To’ Series (Part 2): Event Viewers




Christopher Rice

          The next
in my series of introductory looks into administrating Windows 2000 is a look
into the Event viewers, all three of them.

The next in my series of introductory looks into administrating Windows 2000 is a look into the Event viewers, all three of them.

First, it is important that you know how to browse to the Event Viewer. As with all of the major tools that an Admin will use, it can be located under the Administrative Tools icon in the Control Panel.

          First, it
is important that you know how to browse to the Event Viewer.  As with all
of the major tools that an Admin will use, it can be located under the
Administrative Tools icon in the Control Panel.

          When you
click “Event Viewers”, you will see the following MMC:

          From
here, you can choose which of these logs of events that you would like to
view.  This will depend on what type of server you are troubleshooting and
what the reported problems you are dealing with.

          For
instance, if you were having problems with outside sources hacking into your
environment and making changes to your web servers, you would check the Security
Event Log.  If you are having problems where your server is randomly going
down on a daily basis, when the load on that manager is low, then you should
check the System Event log.  If you are having problems with some
combination of Software running concurrently on the server, then you would check
the Application Event log.

          In most
cases, if you are just having “problems” working with a server, such
as slow resolution or services dying, you would look at a combination of the
System and the Application Event logs.  

          It also
makes sense when dealing with vague issues like that to combine the Event logs
with some performance monitor data.  To learn more about the performance
monitor, go to the following link:

https://www.serverwatch.com/tutorials/article.php/2178431

          So, back
to the Event logs….

          When you
select which of the logs you would like to view, the right side of the screen
will likely be filled with intimidating information that will look like the
following:

          And this
is from a machine that is functioning pretty well.

          It will
be important not to overreact at this point and remember to do two things, check
the times and keep thinking.  First, what time are you experiencing
problems?  What are the coordinating messages from the log?

          If you
would like to get more information regarding one of these messages, simply
double click on it and you will get the following:

           You
can often times get enough information here to determine what the next step
is.  You might find a bad driver here, one that continually fails with no
explanation.  If you are looking at the Application log, you might see that
SQL is taking up too much memory and causing other services to croak.

          Usually,
the data that you will find in these logs will lead you to the problem, but you
will have to think through the correct solution.  For instance, if you have
a drive that is getting pounded, don’t just replace it — think through getting a
dual processor that can handle some more hits.

          As an
administrator, you will often times have to think outside of the box, consider
the future and expansion, patches and backups, software that does not play
nice.  These kinds of things will save you in the long run and will keep
you off the phone on the weekends.

          If you
are troubleshooting a remote server, it is possible to log into that server with
PC Anywhere of Remote Desktop or SMS, but with this tool you can save off the
log from a remote machine and then open it on your machine.

          To view
the log, you will need to get it into the Event viewer by right clicking on
whichever type of log it is (system, app, etc.) and selecting “open
log”.  You will then be able to browse to the log from the remote
machine and import it.

         
Troubleshooting from these type of logs will help you immensely.  You will
begin to understand the actual functionality of the machine that you are
troubleshooting.  At first, being a Server Administrator can be rather
daunting but, with the right tools, it can become rather routine.

          There is
nothing like figuring something out that nobody else can.  Being able to
undestand these logs will help you get to that point.  

          Please
e-mail me with some more ideas about administrative pieces of Windows 2000 that
you would like described in better detail.

Latest Posts

Related Stories