Windows Server 2003 admins can benefit from using the various snap-ins included with the Computer Management Console. Learn about one of these snap-ins: Event Viewer.
Windows Server 2003 admins can benefit from using the various snap-ins included with the Computer Management Console. This tip offers a more detailed introduction to one of these snap-ins: Event Viewer. (To access the Computer Management Console in Windows Server 2003, right-click the My Computer Icon on the Start menu and select Manage with the left button.)
Event Viewer displays items logged by the system when actions happen within a Windows Server 2003 system. You can access the tool from the Run dialog by entering eventvwr and clicking OK.
By default, the events logged are captured in one of these log files:
(Other applications — which include later versions of Microsoft Office and Internet Explorer, Microsoft Active Directory, and File Replication Services — may create their own logs, which will appear in the event log.)
Each of the logs included in Event Viewer by default allow you to quickly view actions taking place on a system. For example, the starting and stopping of services are recorded as informational entries in the System log.
The System and Application logs also record warning events and critical events. Warning events display events that are not immediate problems but could cause more serious issues if left unchecked. Critical events occur when a component or application fires an error when performing a task. An example of a critical event within the Directory Services log might be an error that occurs when the Domain Controllers in your Active Directory environment cannot replicate directory service information between each other. While this error can be caused by several things, including network outages or problems with DNS, it is classified as critical because it becomes a significant point of possible failure in your environment.
You can also use Event Viewer to back up and clear the event logs. You may want to do this if a given log has reached its maximum size limit.
To clear a log of all the events it currently holds, follow these steps:
Follow these steps to change the size of a log:
When the log files are created, they are assigned a default size of 512 KB. This size is usually easy to manage; however, if the system is accessed frequently and processes many logons, the Security log may become full more often than you like. If this happens, the PC will prevent logons by anyone who is not a member of the administrators group. (This is typically not an issue on a server system, but I’m using it as an example of an event that can occur that will fill the log file.)
To remedy full log files, you can assign one of the following actions to each log file:
If you assign either of the first two options, it will allow the logs to manage themselves in terms of disk space.
Note: It’s important to review log files on a regular basis to ensure that your Windows Server 2003 systems are functioning properly. The log archiving option will allow you to review the log files, while keeping the active logs manageable with little intervention.
Check out the Windows Server 2003 archive, and catch up on the most useful tips from this newsletter.
Stay on top of the latest Windows Server 2003 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!
Derek is a seasoned cloud engineer with expertise in Azure and Google Cloud. He has held roles ranging from IT manager in manufacturing to consultant, bringing a broad perspective to his work. Derek is the author of three books on Windows, PowerShell, and Azure certification and has contributed to publications like TechRepublic. A former Microsoft MVP (2008–2018) in File System Storage and Cloud and Datacenter Management, he is passionate about sharing knowledge and advancing technology expertise.
