Tech Tip: Export event logs/Consolidate servers with VMware

Windows 2000 Professional: Export event logs

Event Viewer provides a nice set of features for viewing, filtering, and searching event logs. But Event Viewer doesn't provide the capability to export an event log to another application, such as a database. This capability is particularly useful when you need to explore the logs in detail for troubleshooting or tracking down a potential security breach, and it's also useful for generating reports.

To view and export event logs, you can use the Event Log Query tool (Elogdmp.exe) included in the Windows 2000 Resource Kit. Elogdmp.exe is a console-based command that dumps a specified log to the screen or to a file in a comma-delimited format. Elogdmp.exe exports the Date, Time, Source, Type, Category, Event ID, User, and Computer fields for each event.

Elogdmp.exe can dump not only the local event logs but also the logs from other computers across the network. This capability makes Elogdmp.exe a useful remote administration tool.

Here's the general syntax for Elogdmp.exe:

Elogdmp.exe <ComputerName> <EventLog>

Replace <ComputerName> with the computer hosting the log, and replace <EventLog> with the name of the log, such as System, Application, Security, DNS Server, Directory Service, or File Replication Service. If the name of the event log contains spaces, enclose the name in quotes.

Use the redirect symbol [>] to redirect the output to a file if you need to import the data into Access, SQL Server, or another database application for analysis or reporting.
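Once the output has been redirected to a file, the analysis step might look like the following. This is an added example, not part of the original tip or the Resource Kit: it assumes the columns appear in the order of the field list above and that the Type column uses the Event Viewer wording "Failure Audit". SQLite stands in for Access or SQL Server, the sample lines are constructed, and the function names are the example's own.

```python
import csv
import io
import sqlite3

# Assumed column order: the field list given in the tip above.
FIELDS = ("date", "time", "source", "type", "category",
          "event_id", "user", "computer")

# Constructed sample of a redirected dump (not captured from a real host).
SAMPLE = """\
3/14/2003,9:01:12 AM,Security,Failure Audit,Logon/Logoff,529,SYSTEM,SRV01
3/14/2003,9:01:15 AM,Security,Failure Audit,Logon/Logoff,529,SYSTEM,SRV01
3/14/2003,9:02:40 AM,Security,Success Audit,Logon/Logoff,528,jsmith,SRV01
3/14/2003,9:05:03 AM,Security,Failure Audit,Logon/Logoff,529,SYSTEM,SRV02
3/14/2003,9:06:
"""


def load_events(text, conn):
    """Insert well-formed rows into an 'events' table; return (loaded, skipped)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS events (date TEXT, time TEXT, source TEXT,"
        " type TEXT, category TEXT, event_id INTEGER, user TEXT, computer TEXT)"
    )
    loaded = skipped = 0
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # blank line
        row = [field.strip() for field in row]
        # A truncated or malformed line must not shift columns silently.
        if len(row) != len(FIELDS) or not row[5].isdigit():
            skipped += 1
            continue
        conn.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?,?)", row)
        loaded += 1
    conn.commit()
    return loaded, skipped


def failure_audits(conn):
    """Count Failure Audit events per computer and event ID, busiest first."""
    return conn.execute(
        "SELECT computer, event_id, COUNT(*) AS n FROM events"
        " WHERE type = 'Failure Audit'"
        " GROUP BY computer, event_id ORDER BY n DESC, computer"
    ).fetchall()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_events(SAMPLE, db))
    for computer, event_id, n in failure_audits(db):
        print(computer, event_id, n)
```

Counting skipped lines rather than dropping them silently shows when a dump was cut short, which matters if the report is used as evidence during an investigation.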

Windows 2000 Server: Consolidate servers with VMware

As the number of servers you need to manage grows, the required administrative overhead also increases, particularly when it comes to backup and recovery. If you're looking for ways to consolidate servers to save hardware, take a look at VMware's GSX Server.

If you're familiar with VMware Workstation, you probably have a good understanding of what GSX Server can do for you. GSX Server enables you to create multiple virtual machines on one physical server. These virtual machines function independently of one another and can host various operating systems. For example, you might run four virtual machines on one server, with two running Windows 2000 Server, one running Windows Server 2003, and the fourth one running Linux.

Disaster recovery is another issue you should consider when evaluating whether a virtual server consolidation is right for your company. If you've ever had to recover a server from a backup, you'll appreciate the simplicity with which you can recover a virtual machine. Rather than running Setup, reinstalling the OS, and restoring backups from tape, you can simply delete the virtual machine's folder, restore that folder from a backup, and restart the virtual machine.

For more information about GSX Server or to learn about its big brother, ESX Server, check out VMware's Web site.
