The Events Viewer Overview


In this Video: 

  • We will present an overview of the Windows Event Viewer.
  • At the completion of this lecture, you will have gained valuable work-related knowledge and experience by using and implementing the tools discussed in this lecture.

The Event Viewer has been vastly improved over the versions in earlier Windows operating systems. In this lecture, you will become familiar with the new features of this event viewer. When you need to troubleshoot problems, the logs and event IDs in the Event Viewer are where you will spend the majority of your time. If you want to be the best, learn how to use this event viewer.

To open the Event Viewer, use Windows search and type event viewer.

In the left panel we have:

  • Event viewer
  • Custom Views  
  • Windows logs
  • Applications and Services Logs
  • Subscriptions

On the right, we have the Summary of Administrative Events, which is an overview of all event types. Events that you may need to pay attention to right away will also appear in the summary.

For example, in this case, click the + sign by Critical, then double-click Kernel-Power.

(The Kernel-Power event ID 41 error occurs when the computer is not shut down cleanly, for example when the server locked up.)

Go back to the summary page. In this case, click the + sign by Error, double-click event ID 404 DNS-Server-Service, then double-click the last error.

Recently Viewed Nodes: displays the last viewed log files.

Log Summary: This summary displays the retention policy. The policy is based on the answer to the following question: when this log reaches a certain size, what do you want to do?

  • Overwrite events
  • Archive events
  • Clear logs manually

If you open Windows Logs, right-click the Application log, and select Properties, you will see the default settings for the log size and the three choices: overwrite, archive, or clear the logs manually.

These settings become important when you start getting low on hard disk space, or your network is getting bogged down moving data between servers from all the misconfigured logs.
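The same retention settings can be read from PowerShell instead of opening each log's Properties dialog. The script below is an added example, not part of the original lesson; the list of log names is an assumption, and the `DNS Server` log is only present on a DNS server. It also reports the oldest event still in each log, which shows how much history survives under the current size and overwrite setting.

```powershell
# Added example: report the retention mode and fill level of selected event logs.
# Run from an elevated prompt so the Security log can be read.
$logNames = 'Application', 'Security', 'System', 'DNS Server'   # assumed list; adjust as needed

# LogMode values returned by Get-WinEvent -ListLog, mapped to the three
# choices shown in the log's Properties dialog.
$choice = @{
    Circular   = 'Overwrite events'
    AutoBackup = 'Archive events'
    Retain     = 'Clear logs manually'
}

$report = foreach ($name in $logNames) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) { Write-Warning "Log '$name' not found or not readable"; continue }

    # Oldest record still present: how far back this log reaches today.
    $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue

    $pctFull = 0
    if ($log.MaximumSizeInBytes -gt 0 -and $log.FileSize) {
        $pctFull = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    }

    [pscustomobject]@{
        Log         = $log.LogName
        MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        PercentFull = $pctFull
        Records     = $log.RecordCount
        WhenFull    = $choice[$log.LogMode.ToString()]
        OldestEvent = $oldest.TimeCreated
    }
}

$report | Format-Table -AutoSize
```

A log set to overwrite that is close to 100% full with an `OldestEvent` only a few days old is discarding history quickly; increasing the maximum size or switching to archive keeps more events available for troubleshooting.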

  • Event Viewer (Local)  

Right-click here to connect to another computer. In this case, I type SVR-DNS1 and can view all the logs and events.

  • Custom Views

Creating a custom view: You can create a filter that includes events from multiple event logs that satisfy specified criteria. You can then name and save that filter as a custom view. Let’s say you are having a DNS problem on your DNS server; you can configure a custom view for troubleshooting that particular issue.

Let’s create a Custom view for my DNS server SVR-US.  

  • Right-click Custom Views and select Create Custom View
  • Check Critical, then check Error
  • Select By source, click the down arrow, scroll down and select DNS-Server
  • Click the down arrow on Task category: select <All Task Categories>
  • Click the down arrow on Keywords: select <All Keywords>
  • Click OK. For the name, I type SVR-US Events

Server Roles – If you have installed a server role, there will be an event displayed here by default.

Active Directory Domain Services – Shows all the system events for Active Directory Domain Services.

DNS Server - Displays the System events for DNS Server

Remote Desktop Services – Displays the System events for Remote Desktop Services
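A query similar to the SVR-US custom view built above can be run from PowerShell and summarized by event ID. This is an added example, not part of the original lesson: it filters on the `DNS Server` log rather than on the DNS-Server source, and the seven-day window is an assumption.

```powershell
# Added example: Critical and Error events from the DNS Server log on SVR-US,
# grouped by source and event ID.
# Querying a remote computer requires the Remote Event Log Management
# firewall rules to be enabled on that computer.
$computer = 'SVR-US'                      # server name used in the lesson

$filter = @{
    LogName   = 'DNS Server'              # assumption: filter by log instead of by source
    Level     = 1, 2                      # 1 = Critical, 2 = Error
    StartTime = (Get-Date).AddDays(-7)    # assumption: look back seven days
}

try {
    $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when no event matches; treat that as an empty result.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

$summary = $events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Source   = $latest.ProviderName
            EventId  = $latest.Id
            Level    = $latest.LevelDisplayName
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
            Message  = ($latest.Message -split "`r?`n")[0]   # first line only
        }
    }

if ($summary) { $summary | Format-Table -AutoSize -Wrap }
else { Write-Output "No Critical or Error events in the DNS Server log on $computer in the last 7 days." }
```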

  • Windows Logs

Application log

An application log is a file of events that are logged by a software application. It contains errors, informational events, and warnings, such as the failure of MS SQL to access a database.

Security log

A Security log is a log that contains records of login/logout activity or other security-related events.

dewitsc(@dewitsc)
Member
1 year ago

I do not have the documentation for the “source initiated subscription” for this lesson. Can you please help with that?

Ricardo P(@ricardop)
Admin
Reply to  dewitsc
1 year ago

Hi Dewits Cham

The information Robert is referring to is on the following Microsoft Link:
https://learn.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription

Ricardo

dewitsc(@dewitsc)
Member
Reply to  Ricardo P
1 year ago

Thank you and sorry for the late reply!