Understanding Event Logs

In this section, we discuss the Event Viewer format and examine the way information is presented in each log. Every event log entry is comprised of several pieces of information. These components are listed in Table 9.5. All of these components can be enabled or disabled by using the View | Add/Remove Columns menu item.

Table 9.5 Columns Available in Event Logs

| Column Name | Description |
|---|---|
| Date | The date the event occurred. This is stored in Universal Time Coordinate (UTC) format, but the date is displayed according to the user's local settings. |
| Time | The time the event occurred. This is also stored in UTC format and displayed according to the user's local settings. |
| User | The user name of the process that caused the event. This can be a user account name or an impersonation name. (Impersonation is the term used to describe when a user impersonates someone else's credentials; e.g., the IIS anonymous user logs on as the IUSR_MachineName account.) If the account is impersonated, both the impersonated account and user name are logged. |
| Computer | The name of the server where the event took place. This could be a remote computer name if you are accessing a remote computer's event log. |
| Source | The name of the application that generated the event. This could be a software program or a Windows Server 2003 component (e.g., SQL Server as a program and USB device driver as a component). |
| Event | Unique ID number for each event. This is supported with a brief explanation of the error (e.g., the description for Event ID (19011) is Source (MSSQL$WEBDB) cannot be found). You can troubleshoot the application by using these event details and the source data. |
| Type | The type of the event. This could be any one of those event types discussed earlier: error, information, and warning in the system and application logs, or success audit or failure audit in the security log. Each type has a unique icon to represent it in the Event Viewer. |
| Category | This feature is primarily used in the security log. This is the category to which the event belongs according to the source of the event. |
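The following Python example is added here and is not part of the original text. It reads the Table 9.5 columns from a constructed tab-delimited sample, shows how a UTC-stored timestamp can land on a different date once displayed in local time, and counts Failure Audit entries per user and computer. The header layout, account and computer names, sample rows, and the function names `parse_events` and `failed_audits_by_user` are assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not a real export): tab-delimited rows with a header
# naming the Table 9.5 columns. Date and Time are UTC, as the log stores them.
SAMPLE_LOG = "\n".join([
    "Date\tTime\tType\tUser\tComputer\tSource\tCategory\tEvent",
    "2004-03-01\t23:58:10\tFailure Audit\tEXAMPLE\\jsmith\tSRV01\tSecurity\tObject Access\t560",
    "2004-03-01\t23:58:40\tFailure Audit\tEXAMPLE\\jsmith\tSRV01\tSecurity\tObject Access\t560",
    "2004-03-02\t00:01:05\tFailure Audit\tEXAMPLE\\jsmith\tSRV01\tSecurity\tObject Access\t560",
    "2004-03-02\t00:02:30\tSuccess Audit\tEXAMPLE\\jsmith\tSRV01\tSecurity\tObject Access\t560",
    "2004-03-02\t00:05:00\tFailure Audit\tEXAMPLE\\backup\tSRV01\tSecurity\tObject Access\t560",
])


def parse_events(text, display_offset_hours=0):
    """Parse rows; add the stored UTC timestamp and the locally displayed one."""
    local_tz = timezone(timedelta(hours=display_offset_hours))
    events = []
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        stored = datetime.strptime(f"{row['Date']} {row['Time']}", "%Y-%m-%d %H:%M:%S")
        row["utc"] = stored.replace(tzinfo=timezone.utc)      # what the log stores
        row["displayed"] = row["utc"].astimezone(local_tz)    # what the viewer shows
        events.append(row)
    return events


def failed_audits_by_user(events, threshold=3):
    """Return {(user, computer): count} where Failure Audit count >= threshold."""
    counts = Counter(
        (e["User"], e["Computer"]) for e in events if e["Type"] == "Failure Audit"
    )
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Assumed viewer time zone of UTC-5 for the display column.
    events = parse_events(SAMPLE_LOG, display_offset_hours=-5)
    for e in events:
        print(e["displayed"].isoformat(), e["Type"], e["User"], e["Event"])
    print(failed_audits_by_user(events))
```

When correlating entries from servers in different time zones, compare the `utc` values rather than the displayed ones.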

Event Log Types

The event log service is automatically started when the Windows Server 2003 system starts. Three default log files are available in Windows Server 2003. These same logs were also available in Windows NT, 2000, and XP. The default logs are as follows:

■ Application log This log is available for general troubleshooting as well as for application developers. It can be used to record application errors, warnings, and information events. Scripting languages (such as C#, C++, VB 6.0) include Application Programming Interface (API) calls to log entries in the application log. This log can be used to display a myriad of application errors. (E.g., the application can record a Source file not found error when files needed to complete a transaction are missing.)

■ Security log Events that affect system security are included in this event log. These events include failed or successful logon attempts, creating, opening or deleting files, changing properties or permissions on user accounts and groups, etc.

■ System log Events related to Windows system components are stored in this log file. This includes entries regarding failure of drivers and other system components during startup and shutdown.

These are the logs available for a Windows Server 2003 standalone server. The application or system event log of a Windows Server 2003 non-domain controller machine is similar to Figure 9.24. This image displays the Application event log on a machine called Home-NET. This image clearly shows the information, warning, and error events that have occurred on this server. (For instance, the first entry is an information event, followed by two warnings and two errors.) Note the different icons the Event Viewer uses for information, warning, or error events. Also note the columns that are displayed.

You can get further information about a specific event by double-clicking the event name in the list. The list view does not give any specific information about the event; it only provides you with an event ID. Double-clicking the event gives you more information. Figure 9.25 shows the Event Properties box that is displayed when you double-click the first error message in the list. You can view a detailed error message using this view. You can also use the arrow keys (up and down arrow keys) to navigate through the Event Viewer, or you can copy the event data to the clipboard by using the icon below the down arrow key.

Figure 9.24 Application Event Viewer

Test Day Tip

Some errors display the input and output parameters for a procedure. This data can be viewed via the Data group box at the bottom. The data can be viewed in Hexadecimal (displayed as Bytes) or DWORD (displayed as Words) format. Not all applications generate binary data. Expert programmers can use the information contained in these descriptions to troubleshoot problems.

Figure 9.25 Application Error Description

The Security Event Viewer is similar to Figure 9.26. However, there are two differences. The type of the Security Event Viewer is either Success Audit or Failure Audit. The other significant difference is the information in the Category column. The Security Event Viewer is shown in Figure 9.26.

Figure 9.26 Security Event Viewer

If the server is a domain controller, it displays additional event logs. Here are the additional event logs you might see on a domain controller:

■ Directory Service log Used to log Windows Active Directory events. The Active Directory Service logs these entries in the event log. (For example, a connection error between the Active Directory global catalog and the server is recorded in this section.)

■ File Replication Service log Contains the events logged by the File Replication Service. File replication failures and other events regarding system and shared volumes are recorded here.

■ DNS server log Domain Name System (DNS) service log entries are included in this log file. This log appears on any computer configured as a DNS server (not just domain controllers).
