Question

Using EventViewer (Event Viewer) in Windows 2008 Server R2

Answer 1

1. Introduction

In this tutorial we will know a powerful tool, which makes it easier for administrators to resolve conflicts with our Windows 2008 Server R2, also applicable to the Windows 2008 Server version. We will start with a simple introduction and then a small example of how to start working with this fantastic and powerful tool.

2. Event Viewer

Administrators can use the Event Viewer to check and manage event logs. These records contain information about the hardware and software problems, they also handle all the security events of Windows 2008 Server 2008 R2.

A computer running Windows 2008 Server R2 records events in at least three types of records:

• Applications.
• Systems
• Security.

If our Windows 2008 Server R2 is configured as a domain controller, primary or secondary, it registers two additional registers, added to the three mentioned above:

• Directory Service.
• File Replication

In the case that Windows 2008 Server R2 has the Name System Role (DNS), it registers an additional record:

• DNS service.

We should bear in mind before starting to use the Event Viewer, that each entry of the record and the file is stored in an XML format, with this type of configuration it will help us to obtain records with much greater fluidity. However, the log files can occupy space in our server, by default, each log file will have a maximum of 20 MB of space. This space can be controlled and managed (we will explain it in another tutorial).


2.1 Running the Tool

Once inside our Windows 2008 Server R2, we go to "START" and we give right button on "COMPUTER", the options menu will be displayed and there we will click "MANAGE".

In our Server Manage window, we will find several tools to manage our Windows 2008 Server R2. In this case we will go in the main tree to the "DIAGNOSTICS" menu, where we will find a sub-menu. We will enter the tool "EVENT VIEWER". Then we will go to "WINDOWS LOGS".

Here we will find our Registries, such as "APLICATION", "SECURITY", "SYSTEM", etc.
If we stop over the first record, in this case "APLICATION", in the central part of the window we will detail each event with its respective "LEVEL". In case of finding one of our interest we can stop over it and in the central window below we will further disaggregate the event.

I detail them in an informative way the different types of "LEVEL":

• Critical error
• Error.
• Warning.
• Information.
• Verbose.

In a next Tutorial we will extract the juice to this powerful tool, that to the administrators at the time of finding possible solutions, will facilitate us the behavior of our Windows 2008 Server R2 and will give us some Tips that we want to "say" our Operating System .
In many years of dealing with different types of Operating Systems and using this tool, I have called it "DE POCKET".

---