Step 10 - Review Event Viewer Logs



Windows XP constantly monitors your system for unusual or noteworthy occurrences. It might be a service that doesn’t start, the installation of a device, or an application error. These occurrences are called events, and Windows XP tracks them in three different event logs:

  • Application: This log stores events related to applications, including Windows XP programs and third-party applications.

  • Security: This log stores events related to system security, including logons, user accounts, and user privileges. Note that this log doesn’t record anything until you turn on Windows XP’s security auditing features. You do this by opening the Group Policy Editor and selecting Computer Configuration, Windows Settings, Local Policies, Audit Policy. You can then enable auditing for any of the several policies listed.

  • System: This log stores events generated by Windows XP and components such as system services and device drivers.

    Note

    The System log lists device driver errors, but remember that Windows XP has other tools that make it easier to see device problems. As we discussed in Chapter 9, “Installing and Troubleshooting Devices,” Device Manager displays an icon on devices that have problems, and you can view a device’s property sheet to see a description of the problem. Also, the System Information utility (Msinfo32.exe) reports hardware woes in the System Information, Hardware Resources, Conflicts/Sharing branch and the System Information, Components, Problem Devices branch.

You should scroll through the Application and System event logs regularly to look for existing problems or for warnings that could portend future problems. (The Security log isn’t as important for day-to-day maintenance. You need to use it only if you suspect a security issue with your machine; for example, if you want to keep track of who logs on to the computer.) To examine these logs, you use the Event Viewer snap-in, available either via selecting Start, Run and entering Eventvwr.msc or by launching Control Panel’s Administrative Tools icon and selecting Event Viewer. Figure 12-7 shows a typical Event Viewer window. Use the tree in the left pane to select the log you want to view: Application, Security, or System.

Figure 12-7: Use the Event Viewer to monitor events generated by applications and Windows XP

When you select a log, the right pane displays the available events, including the event’s date, time, and source, its type (Information, Warning, or Error), and other data. To see a description of an event, double-click it or select it and press Enter.

Insider Secret

Rather than monitoring the event logs by hand, Windows XP comes with a couple of tools that can help automate the process. The Eventquery.vbs script enables you to query the log files for specific event types, IDs, sources, and more. Search Windows XP’s Help And Support Center for “eventquery” to get the script’s command-line syntax. Also, you can set up an event trigger that will perform some action when a particular event occurs. You do this using the Eventtriggers.exe utility. Search the Help And Support Center for “eventtriggers” to get the full syntax for this tool.
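As an added example (not from the book), the following batch file uses the two tools named above to export errors, warnings, and failed audits to CSV and, when run with the argument setup, to register one event trigger. The C:\EventReports folder and the notify.cmd script are hypothetical names, and the Security query returns rows only after auditing has been enabled as described earlier.

```batch
@echo off
rem Added example, not from the book. Assumed names: C:\EventReports and notify.cmd.
setlocal
set REPORTS=C:\EventReports
set EQ=%SystemRoot%\system32\eventquery.vbs
if not exist "%REPORTS%" mkdir "%REPORTS%"

rem One-time setup: run this file with the argument "setup".
if /i "%~1"=="setup" goto setup

rem Eventquery.vbs needs the console script host, so call cscript explicitly.
rem Export errors and warnings from the two logs that deserve a regular review.
for %%L in (Application System) do (
    for %%T in (Error Warning) do (
        cscript //nologo "%EQ%" /l %%L /fi "Type eq %%T" /fo csv /v > "%REPORTS%\%%L-%%T.csv"
    )
)

rem Failed audits (for example, rejected logons) from the Security log.
rem This file stays empty until a policy under Audit Policy is enabled.
cscript //nologo "%EQ%" /l Security /fi "Type eq FailureAudit" /fo csv /v > "%REPORTS%\Security-FailureAudit.csv"
goto end

:setup
rem Run notify.cmd (hypothetical script) whenever event ID 6008,
rem "The previous system shutdown was unexpected", is written to the System log.
eventtriggers /create /tr "Unexpected shutdown" /l System /eid 6008 /tk "%REPORTS%\notify.cmd"
rem List the triggers now defined so the new one can be confirmed.
eventtriggers /query

:end
endlocal
```

A trigger that is no longer wanted can be removed with eventtriggers /delete /tid followed by the trigger ID shown by eventtriggers /query.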




Insider Power Techniques for Microsoft Windows XP
ISBN: 0735618968
EAN: 2147483647
Year: 2005
Pages: 126
