Top 5 Features of Windows Event Viewer

Windows Event Viewer Icon LargeIf you’ve ever had to work with Windows servers, or troubleshoot a problem with a Windows service, you’re probably familiar with the Windows Event Viewer.  You may even have a few tricks of your own, like looking up Event Viewer error codes using Google.  But you may not realize how powerful the tool can be, and what Microsoft has done to enhance it recently.  Here is our Top 5 list of great things you can do with the Windows Event Viewer now.  

5. Work with individual events as XML

4. Subscribe to events on remote machines using Event Subscriptions

3. Save Filters as Custom Views

2. Log your own custom events in the Application Log

1. Run a task in response to an event

First, it is worth mentioning that all of the features listed here are available in Windows Vista, Windows Server 2008, and Windows 7.  Some of these may have been around for longer, but they are for sure available in these versions.

XML File IconEvents as XML

Windows events used to be saved as .evt files in earlier versions of the Event Viewer, but could be saved off as .csv or .txt files for manipulation in external programs or analysis tools.  Arguably, this wasn’t ideal because labels were intermixed with data, and individual events were not easy work with in volume.  Now, events are stored in XML format and can be queried and filtered using standard XPath 1.0 expressions.

Windows Event Viewer Subscriptions IconEvent Subscriptions and ForwardedEvents

To simplify monitoring tasks, you can setup servers to forward portions of their Event Logs to remote computers.  Using a saved filter, the sending computer is configured to place relevant parts of the Event Log into the ForwardedEvents folder, where a subscribing computer can read them.  Both machines require some setup and need to have the Windows Event Collector service running for this to function, but you can imagine the power of centralizing monitoring in this way. 

Windows Event Viewer Custom View IconCustom Views and Saved Filters

The Windows Event Viewer has always had a means of searching or filtering through the logs, but this process was typically very manual and you had to repeat it each time you wanted to see the data a specific way.  Many people resorted to .csv output to a database like Microsoft Access, where saved queries could be run against the data.  Now standard XPath 1.0 queries can be formed against events in the Event Log and saved as Custom Views to be run repeatably against different data sets.  And if you’re not an XPath expert, there is a nice interface for building queries.

Windows Event Viewer Application Log IconCustom Events in the Application Log

The Windows Event Viewer (and Windows logging capabilities in general) now provide structured capabilities for software developers to use in aggregating their logging with Windows logging.  Microsoft makes a separate log type, “Applications and Services Log,” available, and defines four subtypes of logging within this area:

  • Admin for high-level messages that might require the response of a system administrator
  • Operational for more detailed (but not code-level) information
  • Analytic for developer-level logging
  • Debug for the lowest level of trace information

Windows Event Viewer Attach Task IconExecute Task Based on an Event

All of the additional capabilities in the Event Viewer are great, and certainly appreciated by those tasked with managing enterprise systems, but none can compare with the ability to execute a task in response to an event.  Capturing events is good, but taking action is even better.  There are obvious communication applications for this like, email me when a service goes down.  However, there is some self-healing ability here, too.  Once a task can be executed, the possibilities for automation are endless (from file recovery to service restarts to clearing caches).

WrenchIconThe Windows Event Viewer is an invaluable tool for anyone charged with maintaining enterprise systems where multiple layers of software interact across one or more computers.  The new features introduced in the Event Viewer in recent years make system administrators’ jobs easier (when properly configured).  If you’re looking for some help configuring these tools to simplify your PLM systems administration tasks, please contact us to see what we can do for you.

Share and Enjoy:
  • Digg
  • Facebook
  • del.icio.us
  • Google Bookmarks
  • LinkedIn
  • Mixx
  • MySpace
  • NewsVine
  • Ping.fm
  • Sphinn
  • StumbleUpon
  • Technorati
  • Twitter
  • Yahoo! Buzz
  • Print
  • email
  • RSS

Tags: , , , , , ,

Read more posts by

This entry was posted on Sunday, November 29th, 2009 at 4:00 am and is filed under Development / Programming, Platform Technologies, Technical Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.