Event Viewer is often the first tool that you will use for gathering
troubleshooting information and viewing system health and status.
Event Viewer in Windows Server 2008 has five key categories: Event
Logs Summary, Custom Views, Windows Logs, Applications and Services
Logs, and Subscriptions.
The Event Logs Summary is an aggregate view of all system logs on
Windows Server 2008. It gives you an immediate view of administrative
events and recently viewed nodes.
You can view the number of error, warning, information, and audit
success events that have occurred in the last hour and previous 24
hours.
You can select an event such as event ID 4015 from the DNS Server
log to view all instances of this event as a saved custom view.
You can use Custom Views to display events that match specific
criteria from selected log files. You can then manage the server
without the distraction of other events.
Consider a scenario where an incident has occurred on the Active
Directory domain controller that is also running the DNS Server
service.
You can create a custom view of all error and warning events for
these server roles using a cross-log query.
You can filter the view by specifying a time period, such as the last
hour or the last seven days, or by creating a custom time range.
To filter the event source and give the view more granular criteria,
you can select event sources such as DNS-Server-Service and NTDS ISAM.
Further filter options include event IDs to include or exclude from
the source, and keywords such as Audit Failure or Audit Success.
You can also select the source user account or source computer
account.
Events relating to the selection criteria will appear in the details
pane where you can select an individual event for extended information.
Custom views can be rerun to bring in new events that are saved as an
event log file or an XML file. You can further modify the view by
configuring filter options.
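The cross-log custom view described above can also be written as an
XML query and run from PowerShell. This is an added example, not part
of the original narration; it assumes PowerShell 2.0 or later and the
default log names Directory Service and DNS Server on the domain
controller.

```powershell
# Added example: error and warning events from the last hour across the
# Directory Service and DNS Server logs, using one cross-log query.
# Assumption: both logs exist under their default names on this server.

$lookbackMs = 60 * 60 * 1000   # "last hour" expressed in milliseconds

# Level 2 = Error, Level 3 = Warning. One <Select> per log makes the
# query span both logs, as a custom view built in Event Viewer does.
$query = @"
<QueryList>
  <Query Id="0" Path="Directory Service">
    <Select Path="Directory Service">
      *[System[(Level=2 or Level=3) and
        TimeCreated[timediff(@SystemTime) &lt;= $lookbackMs]]]
    </Select>
    <Select Path="DNS Server">
      *[System[(Level=2 or Level=3) and
        TimeCreated[timediff(@SystemTime) &lt;= $lookbackMs]]]
    </Select>
  </Query>
</QueryList>
"@

try {
    $events = @(Get-WinEvent -FilterXml ([xml]$query) -ErrorAction Stop)
}
catch {
    # Get-WinEvent raises an error when no event matches the filter;
    # treat that as an empty result and rethrow anything else.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        throw
    }
}

# Newest first, with the columns the details pane shows.
$events | Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, LogName, ProviderName, Id, LevelDisplayName -AutoSize

# Count per log and event ID, to see which events dominate the incident window.
$events | Group-Object LogName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name
```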
Viewing key log files directly through Windows Logs and Applications
and Services Logs in Event Viewer enables you to filter events without
saving a custom view.
Applications and Services Logs have been extended to include new log
files for hardware events, Internet Explorer, and key Windows
operational services such as Windows Update Client, which makes it
faster for you to find warning and error information.
Subscriptions enable you to gather troubleshooting information from
multiple log files across multiple computers and forward these events
to store them locally.
A subscription specifies exactly which events will be collected and
in which log they will be stored locally. An example of such a log is
the Forwarded Events log.
Once a subscription is active and events are being collected, you can
view and manipulate these forwarded events and create custom views.
When using subscriptions, the Windows Remote Management service and
Windows Event Collector service must be running on both the servers
that are participating in the forwarding and collecting of events.
Event Viewer in Windows Server 2008 is an indispensable tool for
monitoring the health of systems and for troubleshooting.