
Sams Teach Yourself MCSE Windows NT Server 4 in 14 Days
(Publisher: Macmillan Computer Publishing)
Author(s): David Schaer, et al
ISBN: 0672311283
Publication Date: 12/15/97



14.5. The Event Viewer

The Event Viewer can be an invaluable tool during your troubleshooting process. An event is any significant occurrence in the operating system or in an application. If the event is critical, a message appears on-screen. However, any event that is significant appears in the Event Viewer log files. The Event Viewer logging starts automatically when you start Windows NT.

The Event Viewer also keeps track of the auditing of security events. However, you must turn on auditing before the Event Viewer will log this information.

14.5.1. Interpreting Event Logs

The Event Viewer creates three log files: the system, application, and security event logs. The System log (see Figure 14.1) contains events created by any of the Windows NT system components. One example of these is a driver that failed to load at system bootup.


Figure 14.1.  The System log contains events the Windows NT system components create.

The Application log contains events from applications, such as error or warning messages. In Figure 14.2, you see that applications, such as the licensing service and Windows NT backup, place event information in the Application log.

The Security log contains events from a security auditing policy (see Figure 14.3). Unlike the System and Application logs, auditing is an option that a member of the administrators group must specify through the User Manager for Domains. Also, only administrators can access the Security log.


Figure 14.2.  The Application log contains events from applications.


Figure 14.3.  The Security log contains events from security audits.

The information in the three log files is listed in order of occurrence by date and time. The most recent event appears at the top of the log. Using options in the View menu, you can change the order in which events are displayed. Each of the events in the log file has a corresponding icon that denotes what type of event it is. Table 14.2 lists the icons and their corresponding meanings.

Table 14.2. Log file entries and their corresponding icons.

Icon    Description

i       A blue icon with a small letter i represents the information icon. This type of event usually is a successful operation of a major service.
!       A yellow icon with an exclamation point represents the warning icon. These events aren’t necessarily significant, but a problem could arise in the future because of this event.
Stop    A stop sign icon represents an error. It usually is significant and means that data or some functionality of the server has been lost.
Key     When you audit the success of events, they appear as keys in the Security log.
Lock    A lock indicates a failure audit event in the Security log.

Double-clicking an event in the System log produces a dialog box similar to that in Figure 14.4. If you look at the contents of this event, you see that it gives basic information at the top of the dialog box, such as date, time, computer, and so on. The description of this particular event is relatively straightforward. However, some events might not be so easy to understand.


Figure 14.4.  This dialog box shows the details of an event.

The Data portion at the bottom of the Event Detail dialog box contains any binary data the event generates. A support technician familiar with the application or part of Windows NT that generated the event can interpret this information.

14.5.2. Maintaining Log Files

The event logs are maintained separately from each other. You can change how large the event logs become, along with how they overwrite older information. You also can archive the event logs in several different formats.

You modify the behavior of the log files by clicking Log on the menu bar and then selecting Log Settings. In the Event Log Settings dialog box (see Figure 14.5), you maintain the settings for each log file separately by choosing the log file in the Change Settings For option.


Figure 14.5.  The Event Log Settings dialog box enables you to modify the behavior of the log files.

After you specify which log file to modify, you can change the maximum size of the log file in 64KB increments. The default size is 512KB. You should know the default size for the exam. It potentially could be an easy answer for you.

The other item that you can set for the log files is how information is overwritten. Here are the options:

  Overwrite Events as Needed—This overwrites events as necessary after the log file reaches the maximum size you specified for it.
  Overwrite Events Older than x Days—This enables you to specify that events are overwritten after a number of days that you specify, regardless of the maximum file size. The default setting, as shown in Figure 14.5, is 7 days. The maximum number of days is 365.
  Do Not Overwrite Events—This maintains all events without overwriting them. To clear the events, you must manually clear the log.
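
The following is an added example, not code from the book: it decodes the registry form of these settings back into the three dialog options and checks them against the limits given above. It assumes the standard Windows values MaxSize (bytes) and Retention (seconds) under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log name>, which this page does not name; the sample values are constructed.

```python
# Added example: decode Event Log registry settings into the
# Log Settings dialog options and validate them.
KB = 1024
SIZE_STEP = 64 * KB        # the dialog changes size in 64KB increments
DEFAULT_SIZE = 512 * KB    # default maximum log size
SECONDS_PER_DAY = 86400
NEVER = 0xFFFFFFFF         # Retention value meaning "Do Not Overwrite Events"


def describe_log_settings(max_size, retention):
    """Return (overwrite_policy, problems) for one log's MaxSize/Retention."""
    problems = []
    if max_size <= 0 or max_size % SIZE_STEP:
        problems.append("MaxSize %d is not a multiple of 64KB" % max_size)
    if retention == 0:
        policy = "Overwrite Events as Needed"
    elif retention == NEVER:
        policy = "Do Not Overwrite Events (log must be cleared manually)"
    else:
        days, rest = divmod(retention, SECONDS_PER_DAY)
        policy = "Overwrite Events Older than %d Days" % days
        if rest or not 1 <= days <= 365:
            problems.append(
                "Retention %d is not a whole 1-365 day value" % retention)
    return policy, problems


# Constructed sample values, not read from a real system.
SAMPLE = {
    "System": (DEFAULT_SIZE, 7 * SECONDS_PER_DAY),   # the defaults
    "Application": (DEFAULT_SIZE, 0),
    "Security": (2048 * KB, NEVER),
    "Misconfigured": (500000, 400 * SECONDS_PER_DAY),
}


def review(settings):
    """Decode every log in a {name: (max_size, retention)} mapping."""
    return {name: describe_log_settings(*v) for name, v in settings.items()}


if __name__ == "__main__":
    for name, (policy, problems) in review(SAMPLE).items():
        print("%-14s %s" % (name, policy))
        for problem in problems:
            print("  ! " + problem)
```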

