Server Maintenance: Knowledge of the Event Viewer

  
The Event Viewer is the operating system's equivalent of a doctor: clues to the system's "illnesses" show up there. A competent system administrator or security maintainer periodically checks the application, security and system logs for entries such as illegal logins, system shutdowns and program execution errors, and uses the event properties to determine the source of an error and its solution, so that the operating system and applications keep working properly. This article introduces some basic knowledge of the Event Viewer as a reference for the staff who maintain systems.

1. Event Viewer

Event Viewer is a Microsoft Windows operating system tool. It is the equivalent of a thick logbook: you can use it to view information about hardware, software and system problems, and to monitor security events in the Windows operating system. There are three ways to open the Event Viewer:

(1) Click "Start" - "Settings" - "Control Panel" - "Administrative Tools" - "Event Viewer" to open the Event Viewer window.

(2) Open the Event Viewer window by manually typing "%SystemRoot%\system32\eventvwr.msc /s" in the "Run" dialog box.

(3) Enter "eventvwr" or "eventvwr.msc" directly in the "Run" dialog box to open the Event Viewer.

2. Log Types

The Event Viewer records three types of logs, namely:

(1) Application log

Contains events logged by applications or system programs. It mainly records events that occur while programs are running. For example, a database program can record file errors in the application log, and the program's developer decides which events to monitor. If an application crashes, you can find the corresponding record in the application log, which may help you solve the problem.

(2) Security log

Records events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files or other objects. System administrators can specify which events are logged in the security log. By default, the security log is turned off; administrators can use Group Policy to start the security log, or set an audit policy in the registry that stops the system from responding when the security log is full.

(3) System log

Contains events logged by Windows XP system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. By default, Windows logs system events to the system log. If the computer is configured as a domain controller, it also has the directory service log and the File Replication Service log; if the machine is configured as a Domain Name System (DNS) server, it also has the DNS server log. When Windows starts, the Event Log service (EventLog) starts automatically. All users can view the application and system logs, but only administrators can access the security log.

The Event Viewer records five main types of events. The icon on the left side of the Event Viewer screen shows how the Windows operating system classifies each event. The Event Viewer displays the following types of events:

(1) Error: A major problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error is logged.

(2) Warning: An event that is not necessarily significant but points to a potential problem. For example, if disk space is low, a warning is logged.

(3) Information: An event that describes the successful operation of an application, driver, or service. For example, if the network driver loads successfully, an information event is logged.

(4) Success Audit: An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system is logged as a "Success Audit" event.

(5) Failure Audit: An audited security access attempt that fails. For example, if a user attempts to access a network drive but is unsuccessful, the attempt is logged as a "Failure Audit" event.
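
The periodic check of the three logs described above can be scripted. The following PowerShell is an added example, not part of the original article; it assumes Windows Vista / Server 2008 or later (where Get-WinEvent is available), an elevated prompt, and a 24-hour review window chosen for illustration.

```powershell
# Added example: summarise the last 24 hours of the Application, System and
# Security logs by event type. Run from an elevated prompt, because only
# administrators can read the Security log.
$since = (Get-Date).AddHours(-24)      # assumed review window

# Standard Windows event keyword masks that mark audit results
$AuditFailure = 0x10000000000000
$AuditSuccess = 0x20000000000000

function Get-EventTypeName {
    param($Record)
    # Audit events carry their result in Keywords; other events use Level
    if ($Record.Keywords -band $AuditFailure) { return 'Failure Audit' }
    if ($Record.Keywords -band $AuditSuccess) { return 'Success Audit' }
    switch ($Record.Level) {
        1       { 'Error' }            # Critical, counted with Error here
        2       { 'Error' }
        3       { 'Warning' }
        default { 'Information' }      # Level 4, or 0 from older providers
    }
}

$summary = foreach ($log in 'Application', 'System', 'Security') {
    try {
        $events = Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction Stop
    } catch {
        # Raised when nothing matches the filter or the log cannot be read
        Write-Warning "$log log: $($_.Exception.Message)"
        continue
    }
    $events | Group-Object { Get-EventTypeName $_ } | ForEach-Object {
        [pscustomobject]@{ Log = $log; Type = $_.Name; Count = $_.Count }
    }
}
$summary | Sort-Object Log, Type | Format-Table -AutoSize

# List the newest Failure Audit and Error events for follow-up
$filters = @{ LogName = 'Security'; Keywords = $AuditFailure; StartTime = $since },
           @{ LogName = 'Application', 'System'; Level = 2; StartTime = $since }
foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, Id, ProviderName, LevelDisplayName |
        Format-Table -AutoSize
}
```

A sudden rise in the Failure Audit count between runs is the kind of clue the article suggests looking for; the event properties of the listed entries then show the source.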

In the next article, "Event Viewer to maintain server security instance," we will walk through specific operations to explain the use of the Event Viewer in detail.