Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
Event logs provide a central repository for recording the activities that take place on a computer. Because many of the most meaningful of these events are recorded in one of the event logs, you can find a given event without having to search through a multitude of source-specific log files. On the other hand, because each event log contains events generated from many sources, it can be difficult to identify a set of related events. The advantages/disadvantages of the operating system s use of event logs reflect the problems inherent in managing one large data source versus the problems inherent in managing many smaller data sources.
Another advantage/disadvantage is that event logs are written using a proprietary binary data format and are designed to prevent modification of the contents of the log. This design provides a high level of security but also makes it more difficult to analyze the contents of the event log. Historically, this could be done only by using the Event Viewer snap-in and on only one computer at a time.
Fortunately, Windows 2000 includes a number scripting tools that make it easy to manage event logs across the enterprise.
In addition to the event logs, the operating system also writes other events to plain-text log files, most of which are located in the %windir%\Debug folder. Plain-text log files are useful for operations that might generate thousands of events at a time. Because these operations generate so many events, it would be unwise to have them save events to an event log; the thousands of events generated by this single operation might completely fill the log, overwriting all the other events that have taken place on the computer.
For example, each time the File Replication service runs, the resulting log file might contain several thousand lines, depending on the amount of data replicated. Instead of each replication operation being written as an event log record, all the replicated data is recorded in a plain-text log file (%windir%\Debug\NtFrs.log).
One major advantage of these log files is that they are written as plain-text files, files that can be opened and viewed using any text editor. However, plain-text log files also have limitations:
Send us your feedback | « Previous | Next » |