Event Viewer

Event Viewer is a Microsoft Windows Server administrative tool used to monitor events on a server.

What is Event Viewer?

A Microsoft Windows NT administrative tool used to monitor events on a server.

Events are significant actions that take place on a server and include the following:

  • A process has been completed, such as the defragmentation of a database.
  • A service has been started, stopped, or paused.
  • A service has issued an unexpected response to a client.
  • A service was unable to start.
  • A memory violation has occurred, resulting in an application being terminated.

Event Viewer records events in three different logs:

  • System log:
    Records warnings, errors, and information events about Windows NT services and devices.

  • Security log:
    Records success and failure events for objects being audited.

  • Application log:
    Records warnings, errors, and information events about applications running on the server.

The system and application logs should be monitored regularly for signs of problems with devices, services, or applications running on the server. When a problem occurs, Event Viewer is the first place you should check. If auditing is configured on the server, you can monitor the security log for signs of attempted unauthorized access (failure audits) or for an indication of resource usage (success audits).
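The regular review described above can be scripted. The following is an added example, not part of the original entry: it assumes a current Windows system where PowerShell's Get-WinEvent cmdlet is available (not the Windows NT and Windows 2000 versions described here), an elevated prompt for reading the security log, a 24-hour review window, and a hypothetical helper named Get-LogSummary.

```powershell
# Added example: summarize recent problems in the three logs described above.
# Reading the Security log requires an elevated (administrator) session.
$since = (Get-Date).AddHours(-24)   # review window (assumed value)

# Standard keyword bit that marks a failure audit in the Security log.
$auditFailure = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure

# Hypothetical helper: counts matching events per log, source and event ID.
function Get-LogSummary {
    param(
        [Parameter(Mandatory)] [hashtable] $Filter
    )
    try {
        $events = @(Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop)
    }
    catch {
        # Get-WinEvent raises an error when nothing matches or access is denied;
        # surface the reason instead of hiding it.
        Write-Warning ("{0}: {1}" -f ($Filter.LogName -join ','), $_.Exception.Message)
        return
    }
    $events |
        Group-Object -Property LogName, ProviderName, Id |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Log      = $latest.LogName
                Source   = $latest.ProviderName
                EventId  = $latest.Id
                Count    = $_.Count
                LastSeen = $latest.TimeCreated
            }
        }
}

# System and application logs: Level 2 = Error, Level 3 = Warning.
Get-LogSummary -Filter @{ LogName = 'System', 'Application'; Level = 2, 3; StartTime = $since } |
    Format-Table -AutoSize

# Security log: failure audits only (signs of attempted unauthorized access).
Get-LogSummary -Filter @{ LogName = 'Security'; Keywords = $auditFailure; StartTime = $since } |
    Format-Table -AutoSize
```

A source or event ID whose count jumps between runs is the entry to open in Event Viewer first. The security log query returns nothing unless auditing is configured on the server.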

Graphic E-7. Event Viewer.

NOTE

In Windows 2000, Event Viewer is implemented as a snap-in for Microsoft Management Console (MMC) and appears as one of the administrative tools in Control Panel. The Windows 2000 Server version of Event Viewer includes additional logs such as the directory service log, the DNS server log, and the file replication service log. Windows 2000 Event Viewer is extensible, with additional logs present when new network services are installed on the machine.

TIP

Select View, and then select Filter Events to filter out unwanted events when the Event Viewer logs are large.