Monitoring Windows Event Logs
The Windows Vista operating system ships with dozens of features and applications. In addition, it provides one of the most flexible platforms for installing new hardware and applications. All of these components of the system might need to send messages and notifications to users. Examples include warnings, error messages, and status messages. In some cases, graphical programs might have their own user interface for displaying messages. Some programs can use system tray notifications to get attention. However, many components of Windows Vista do not have user interfaces at all.
The Windows event logs enable operating system features, drivers, applications, and services to record important information that users might need to review. Application developers can create their own event logs or write to existing ones.
Using the Event Viewer
It is not uncommon for the Windows operating system to record thousands of messages, many of which carry useful information. Clearly, storing them in plain text files would make it difficult for you to find the information that is of interest. To help resolve this potential information overload, Windows Vista includes an updated Event Viewer console that enables users and support technicians to access and review relevant event-related information quickly.
You can launch Event Viewer through the Administrative Tools program group or by searching for it using the Start menu. Figure 1 shows an example of the information available in the Event Viewer user interface.
Viewing Events by Event Types
One of the more challenging aspects of monitoring system-related messages such as those stored in the Windows event logs is filtering out unwanted details. Event Viewer automatically performs several different types of grouping. In the Administrative Events section under the Custom Views grouping, Event Viewer displays items based on the type and importance of the message. The default event types you see in all event logs include the following:

- Critical: Serious system-related issues that could cause downtime or data loss. Review these items immediately.
- Error: Application-related or service-related error reports.
- Warning: Informational messages that can identify potential situations of which users should be aware.
- Information: Messages that provide details but are not necessarily warning or error conditions.
- Audit Success and Audit Failure: Events that are generated based on auditing options you enable.
You can obtain an overview of items in each category by expanding the relevant section. You can get more details about a specific item by double-clicking it in the list. Figure 2 shows a network-related warning. The General tab provides basic information about the event, including when it occurred and a text description. You can obtain additional information about the event by clicking the Details tab.
When troubleshooting a computer running Windows Vista, a good first step is to access Event Viewer and then examine a list of the critical and error-related events (if any). A good starting point for getting an overview of important events is to select the Administrative Events item in the Custom Views folder. You can easily identify a wide range of issues, from application problems to hardware-related configuration details, in this section.
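The same review can be scripted, which is useful on a machine you cannot sit in front of or when you want to compare several machines. The following PowerShell script is an added example and is not part of the original text; it uses the Get-WinEvent cmdlet (available with PowerShell 2.0 or later, which must be installed separately on Windows Vista) to reproduce the Administrative Events view: Critical, Error and Warning events from the System and Application logs, plus Audit Failure events from the Security log. The 24-hour window, the choice of logs, and the assumption that the session is elevated (required to read the Security log) are mine, not the page's.

```powershell
# Added example: command-line equivalent of the Administrative Events view.
# Assumptions: PowerShell 2.0+, elevated session, 24-hour window is arbitrary.

# Get-WinEvent exposes the Event Viewer types as numeric Level values.
$LevelNames = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning'; 4 = 'Information' }
$Since      = (Get-Date).AddHours(-24)

# Critical, Error and Warning events from the classic logs, newest first.
# -ErrorAction SilentlyContinue suppresses the "No events were found" error.
$AdminEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'System', 'Application'
    Level     = 1, 2, 3
    StartTime = $Since
} -ErrorAction SilentlyContinue

# Count per level, like the totals shown under Custom Views.
$AdminEvents | Group-Object Level | Sort-Object Name |
    ForEach-Object { '{0,-12} {1,5}' -f $LevelNames[[int]$_.Name], $_.Count }

# The ten most recent Critical/Error events with source and message text.
$AdminEvents | Where-Object { $_.Level -le 2 } | Select-Object -First 10 |
    Format-Table TimeCreated, LogName, ProviderName, Id, Message -AutoSize -Wrap

# Audit Success / Audit Failure are not levels; they are keyword bits on
# Security log events: 0x10000000000000 = AuditFailure, 0x20000000000000 = AuditSuccess.
$AuditFailures = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = 0x10000000000000
    StartTime = $Since
} -ErrorAction SilentlyContinue

'Audit failures in the last 24 hours: {0}' -f @($AuditFailures).Count

# Which audit event IDs fail most often; a sudden jump here is worth a closer look.
$AuditFailures | Group-Object Id | Sort-Object Count -Descending |
    Select-Object -First 5 Name, Count
```

Run it as a scheduled task and keep the output, and you have a simple daily baseline: the per-level counts and the top failing audit IDs change noticeably when a driver starts failing or when a logon source is misbehaving, well before a user notices a symptom.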
Viewing Specific Event Logs
Another method by which Windows Vista categorizes event information is based on the actual event log itself. The primary types of Windows event logs include the following:

- Application
- Security
- Setup
- System
Numerous additional logs are available within the Applications And Services Logs section in Event Viewer. Figure 3 shows some examples. Each of these logs is specific to a particular application, service, or operating system function. For example, there are logs related to various diagnostics such as networking and disks.
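The Applications And Services Logs tree is large, and some of its logs are disabled by default, so it helps to enumerate them rather than click through the tree. The following PowerShell script is an added example, not code from the original text: it lists the non-classic logs with their record counts, reads recent problem events from one diagnostic log, and shows which logs are currently disabled. It assumes PowerShell 2.0 or later; the log name Microsoft-Windows-Diagnostics-Performance/Operational is my choice of an example diagnostic log, so substitute any name the first command prints if it is absent on your system.

```powershell
# Added example: browse the Applications And Services Logs from PowerShell.
# Assumptions: PowerShell 2.0+; the diagnostic log name below is an example.

# Non-classic logs are named Provider/Channel. Show the busiest ones first,
# together with whether they are enabled and how they retain records.
Get-WinEvent -ListLog 'Microsoft-Windows-*' -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object -First 15 LogName, IsEnabled, RecordCount, LogMode

# One of the diagnostic logs the text refers to; this channel records slow boots,
# slow shutdowns, and applications that delay startup (assumed example name).
$LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'

# Critical, Error and Warning entries only, most recent 20.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2, 3 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -AutoSize -Wrap

# Logs that are switched off collect nothing. A disabled log can be enabled
# from an elevated prompt with:  wevtutil sl <LogName> /e:true
Get-WinEvent -ListLog 'Microsoft-Windows-*' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.IsEnabled } |
    Select-Object -First 10 LogName, RecordCount
```

Checking the IsEnabled column before troubleshooting saves time: an empty diagnostic log usually means the channel was never turned on, not that the component had nothing to report.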
Overall, Event Viewer can provide a great starting point for detecting specific problems or errors that are occurring on the system. In fact, users should monitor these messages regularly, even if the system appears to be running properly.
Anil Desai
Over time, operating systems and applications have become increasingly complicated. Platforms such as Windows Vista include dozens of features and options that you can configure based on users’ settings. There’s always the potential for some of this functionality to stop working correctly. That’s when the process of troubleshooting is required.
In the past, there have been frustrating technical problems in which I resorted to making seemingly random system changes in an attempt to resolve the issue. Although it’s often tempting to attempt to make haphazard changes to a system and measure the effects, this is rarely the most efficient route to correcting a problem. In some cases, you might get lucky, but there’s almost always a better approach.
Perhaps the single most important aspect of troubleshooting complex issues is developing a logical process. Some examples of steps include the following:

Identify the issue
Before beginning the troubleshooting process, it’s important to have a clear picture of the issue you need to resolve. In some cases, the problem might be apparent. For example, if Windows Vista does not boot properly, the symptoms are clear. In other cases, the problems might be more difficult to detect. For example, a customer might mention that his or her computer has slowed down significantly over time. There are numerous potential causes of this problem.
Collect details about the problem
The most common cause of technical issues is change. When troubleshooting operating system issues, some important questions to ask revolve around when the problem started. Generally, you’ll often find that the user has installed new software or hardware on the computer or changed the configuration of a feature. It’s important to note that this isn’t always the case; for example, hardware failures can crop up seemingly instantly and cause serious issues.
Develop a troubleshooting plan
Often, there are numerous ways in which you can attack a particular problem. Your goal should be to combine information about the likelihood of a solution and its difficulty. For example, it’s quite likely that reinstalling the operating system from scratch will resolve many common issues. However, the time-consuming process of reinstalling and reconfiguring applications should make this option a last resort. Using malware scanners such as Windows Defender and other system utilities might be more likely to resolve the problem and require less effort.
Verify the solution
It probably goes without saying that you should retest to verify that the issues you identified in the first step have been resolved.
When working in the role of a Consumer Support Technician, you might find yourself resolving problems for the customer. To prevent future problems, it’s often worthwhile to educate the user about the source of the problem and how he or she might avoid the problem in the future. This can significantly help improve the end-user experience and reduce the amount of support you’ll need to provide in the future.
For experienced technical professionals, these steps might seem like common sense. However, many different approaches to solving problems are available. To use an analogy from the medical profession, an important directive is “First, do no harm.” Some types of troubleshooting steps (such as wiping the hard disk and doing a complete reinstallation) might be excessive. They’re roughly analogous to curing the disease by killing the patient. The overall key is to remember to follow an organized process when troubleshooting simple and complex problems and to use the most efficient (and least harmful) method of resolution.