
Monitoring Windows Small Business Server 2011 : Using Event Viewer

4/7/2013 6:26:07 PM

Several Windows SBS 2011 tools, including the Windows SBS Console and the Server Manager Console, display selected entries from the Windows event logs, but to view these logs in their entirety, you must use the Event Viewer Console, shown in Figure 1.


Figure 1. The Event Viewer Console.

Viewing Event Logs

The Windows Eventing engine is responsible for monitoring system activities on all Windows computers and recording information about those activities in various logs. Each log contains a series of entries called events. The Event Viewer Console is simply an application that displays those events in various formats.

To launch Event Viewer, you can use any one of the following five methods:

  • Click Start. Then click Administrative Tools > Event Viewer.

  • Click Start. Then click Control Panel > System and Security > Administrative Tools, and double-click Event Viewer.

  • Open a blank Microsoft Management Console (MMC) and add the Event Viewer snap-in.

  • Click Start and type Event Viewer or Eventvwr.msc in the search box.

  • Open the Computer Management Console and expand the Event Viewer node.

The Overview and Summary display that appears in the console by default lists the most recently occurring events by type. The Windows Eventing engine creates events of several types:

  • Critical: Warns that an incident resulting in a catastrophic loss of functionality or data in a component or process has occurred

  • Error: Warns of a problem that is not likely to affect the performance of the component or process where the problem occurred, but which could affect the performance of other system components or processes

  • Warning: Warns of a service degradation or an occurrence that can potentially cause a service degradation in the near future unless an administrator takes steps to prevent it

  • Information: Describes a change in the state of a component or process as part of a normal operation

  • Audit Success: Indicates the successful completion of a system process or activity for which an audit policy is active

In addition to a chronological display by type, Event Viewer can also display the most current events in each of the following individual logs, regardless of type:

  • Application: Contains information about specific programs running on the computer, as determined by the application developer.

  • Security: Contains information about security-related events, such as failed logons, attempts to access protected resources, and success or failure of audited events. The events recorded in this log are determined by audit policies, which you can enable using either local computer policies or Group Policy.

  • Setup: Contains information about the operating system installation and setup history.

  • System: Contains information about events generated by the operating system, such as service start and device driver load failures.

  • Forwarded Events: Contains events received from other computers on the network via subscriptions.

Using Other Event Viewer Functions

In addition to providing access to the main Windows logs, the Event Viewer Console displays logs for individual applications and services, and enables you to create custom logs containing events of specific types, from specific sources, and from specific time periods by using the Create Custom View dialog box shown in Figure 2.


Figure 2. The Create Custom View dialog box, from the Event Viewer Console.
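A custom view is stored as an XML query, and the same query can be run from PowerShell. The following is an added example, not part of the original article: it selects Critical and Error events from the Application and System logs for the last 24 hours, and the choice of logs, levels, and time window is an assumption made for illustration.

```powershell
# Added example: the kind of XML query a custom view stores, run with Get-WinEvent.
# Level 1 = Critical, Level 2 = Error; 86400000 ms = 24 hours.
# Inside the XML, "<" must be written as "&lt;".
$query = @'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="System">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

# Get-WinEvent reports an error when nothing matches, so suppress it
# and treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No Critical or Error events in the last 24 hours.'
} else {
    # Summarize by log, source, and event ID so recurring faults stand out.
    $events |
        Group-Object LogName, ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object -First 20 Count, Name |
        Format-Table -AutoSize
}
```

The same XML can be pasted into the XML tab of the Create Custom View dialog box to save it as a view in the console.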

Another powerful feature of the Event Viewer Console is the ability to audit the success or failure of specific system events, such as account logons and modifications to AD DS objects. For example, you can monitor logon failures to determine if someone is making repeated attempts to guess a user’s password. To use auditing, you must enable specific Group Policy settings, as shown in Figure 3. When the system detects one of the selected events, it creates an entry in the Security log, which you can evaluate later.


Figure 3. The Audit Policy settings in the Group Policy Management Editor Console.
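Once logon failure auditing is enabled, the Security log can be summarized to show repeated failures against the same account. The following is an added example, not part of the original article: it reads event ID 4625 (an account failed to log on), and the 24-hour window and the threshold of 10 failures are assumptions to adjust for your environment.

```powershell
# Added example: summarize failed logons (event ID 4625) per account and source.
# Run from an elevated session; the Security log requires administrative rights.
# Written to work on PowerShell 2.0, which ships with Windows Server 2008 R2.

# Confirm that failure auditing is on; without it no 4625 events are recorded.
auditpol /get /subcategory:"Logon"

$since     = (Get-Date).AddHours(-24)   # assumed review window
$threshold = 10                         # assumed alerting threshold

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$raw = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$failures = foreach ($evt in $raw) {
    # Named fields live in the event XML under EventData/Data.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    New-Object PSObject -Property @{
        Time      = $evt.TimeCreated
        Account   = $data['TargetUserName']
        Source    = $data['IpAddress']
        LogonType = $data['LogonType']
    }
}

# Accounts with many failures from one source are the ones to investigate.
$suspect = @($failures |
    Group-Object Account, Source |
    Where-Object { $_.Count -ge $threshold } |
    Sort-Object Count -Descending)

if ($suspect.Count -eq 0) {
    Write-Output "No account reached $threshold failed logons since $since."
} else {
    $suspect | Select-Object Count, Name | Format-Table -AutoSize
}
```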

Windows Server 2008 R2 also includes an Advanced audit policy configuration node in its GPOs, which enables you to monitor Windows 7 system activities on a more granular level, as shown in Figure 4.


Figure 4. The Advanced audit policy configuration node in the Group Policy Management Editor Console.

Note

BEST PRACTICES Some audit policies, such as Audit system events, can generate a large number of entries in a short period of time. This is one reason why auditing is not enabled by default. In most cases, the best practice is to turn auditing on for brief periods and then turn it off again, making sure that you have enough storage space for the Security log file.