Event Viewer is the next tool to use when debugging or troubleshooting
a problem on a Windows Server 2012 system. Event Viewer, as shown in
Figure 1, is a built-in Windows Server 2012 tool, based on an
Extensible Markup Language (XML) infrastructure, that is used for
gathering troubleshooting information and conducting diagnostics. Event
Viewer was completely rewritten in Windows Server 2008, and many new
features and functionality were introduced, including a new user
interface and a home page that includes an overview and summary of
the system.
Figure 1. Event Viewer, including the Overview and Summary pane.
The upcoming sections focus on the basic elements of an event and
include detailed coverage of the features and functionality.
Microsoft defines an event as any significant
occurrence in the operating system or an application that requires
tracking of the information. An event is not always negative. A
successful logon to the network, a successful transfer of messages, or
replication of data can also generate an event in Windows. It is
important to sift through the events to determine which are
informational events and which are critical events that require
attention.
When server or application failures occur, Event Viewer is one of the
first places to check for information. You can use Event Viewer to
monitor, track, view, and audit the security of your server and
network. It tracks information about both the hardware and the software
in your server. The information provided in Event Viewer can be a good
starting point to identify and track down the root cause of any system
errors or problems.
Event Viewer can be accessed through Server Manager. You can also
launch Event Viewer by running the Microsoft Management Console
(mmc.exe) and adding the snap-in, or from a command line by running
eventvwr.msc.
Each log has common properties associated with its events. The following bullets define these properties:
• Level—This property
defines the severity of the event. An icon appears next to each type of
event. It helps to quickly identify whether the event is informational,
a warning, or an error.
• Date and Time (Logged)—This
property indicates the date and time that the event occurred. You can
sort events by date and time by clicking this column. This information
is particularly helpful in tracing back an incident that occurred
during a specific time period, such as a hardware upgrade before your
server started experiencing problems.
• Source—This property
identifies the source of the event, which can be an application, remote
access, a service, and so on. The source is very useful in determining
what caused the event.
• Event ID—Each
event has an associated event ID, which is a number generated by the
source and is unique to each type of event. You can use the event ID on
the Microsoft Support website (www.microsoft.com/technet/) to find topics and solutions related to an event on your server.
• Task Category—This
property determines the category of an event. Task Category examples
from the Security log include Logon/Logoff, System, Object Access, and
others.
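The same five properties can be read from PowerShell with Get-WinEvent, which is useful when sifting a large log for the events that require attention. The following is an added example, not part of the original text; the function name Get-EventTriage, the System log, the 24-hour window, and the level selection are assumptions chosen for illustration.

```powershell
# Added example: map Event Viewer's columns to Get-WinEvent record properties.
# Get-EventTriage is a hypothetical helper name; log, window and levels are assumptions.
function Get-EventTriage {
    param(
        [string]$LogName = 'System',
        [int]$Hours = 24,
        [int[]]$Level = @(1, 2, 3)   # 1 = Critical, 2 = Error, 3 = Warning
    )

    $filter = @{
        LogName   = $LogName
        Level     = $Level
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        Write-Verbose "No matching events in $LogName for the last $Hours hours."
        return
    }

    # Group by Source and Event ID so recurring problems stand out from one-off events.
    $events |
        Group-Object -Property ProviderName, Id |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Count        = $_.Count
                Level        = $latest.LevelDisplayName   # Level
                LastLogged   = $latest.TimeCreated        # Date and Time (Logged)
                Source       = $latest.ProviderName       # Source
                EventId      = $latest.Id                 # Event ID
                TaskCategory = $latest.TaskDisplayName    # Task Category
            }
        }
}

Get-EventTriage -LogName 'System' -Hours 24 | Format-Table -AutoSize

# ToXml() returns the XML representation of a single event record.
$first = Get-WinEvent -LogName 'System' -MaxEvents 1 -ErrorAction SilentlyContinue
if ($first) { $first.ToXml() }
```

Reading the Security log this way requires an elevated session.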