Windows 2003 event logs

Event Viewer displays items logged by the system when actions happen within a Windows Server 2003 system.

Application: Shows events recorded by applications that are installed on the system.
System: Shows Windows system events.
Security: Contains records of logon/logoff actions and privilege use.

Other logs include Microsoft Office, Internet Explorer, Active Directory, File Replication Services, DNS, etc.

The types of events logged are Information, Warnings and Errors.

Eg:
Event Type:    Information
Event Source:    Microsoft Office 12 Diagnostics
Event Category:    None
Event ID:    213
Date:        3/16/2011
Time:        8:59:50 PM
User:        N/A
Computer:    xyz
Description:
The default thresholds are being used.

How to view event logs
----------------------
1. Type eventvwr in the Run window
2. Start > Programs > Administrative Tools > Event Viewer
3. Right-click My Computer > Manage > Event Viewer

To clear a log of all the events
--------------------------------
In the left pane of the Computer Management Console, right-click the event log you want to clear and select Clear Log.
Windows Server 2003 will ask you if you want to save the contents of the file before clearing it. Click Yes and then choose a location to save the contents of the log.
Click Save. This will back up the contents of that log and clear it.

How to change the size of a log
-------------------------------
Right-click the log file object for which you wish to adjust the size and select Properties.
Enter the new file size in the Maximum Size box (the default is 512 KB), then click OK.

Maintaining log files automatically
-----------------------------------
When the log files are created, they are assigned a default size of 512 KB. This size is usually easy to manage; however, if the system is accessed frequently and processes many logons, the Security log may become full more often than you like. If this happens, the PC will prevent logons by anyone who is not a member of the Administrators group. (This is not an issue on a server system.)

When the maximum log size is reached, the available options are:
Overwrite events as needed (overwrite the oldest events first)
Overwrite events older than xx days
Do not overwrite events (clear logs manually)
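
To see how close each log is to its maximum size and which of the three options above it is set to, here is an added example (not part of the original post) that reads the same Win32_NTEventLogFile WMI class used by the rotation script further down. The 80% warning threshold and the script file name are assumptions.

```vbscript
' Added example: report size and retention policy for every event log.
' Run as an administrator:  cscript //nologo logaudit.vbs   (file name is an assumption)
Option Explicit
Const WARN_PERCENT = 80   ' Assumed warning threshold, not a Windows default.

Dim strComputer, objWMIService, colLogFiles, objLogFile
Dim dblSize, dblMax, intPct, strPolicy, strNote

strComputer = "."
' The Security privilege is requested so the Security log is included in the results.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile")

For Each objLogFile In colLogFiles
    ' FileSize is a 64-bit value that WMI hands to scripts as a string, so convert it.
    dblSize = 0
    If Not IsNull(objLogFile.FileSize) Then dblSize = CDbl(objLogFile.FileSize)
    dblMax = 0
    If Not IsNull(objLogFile.MaxFileSize) Then dblMax = CDbl(objLogFile.MaxFileSize)
    intPct = 0
    If dblMax > 0 Then intPct = Int(100 * dblSize / dblMax)

    ' OverwritePolicy mirrors the three choices in the log's Properties dialog.
    strNote = ""
    Select Case LCase(objLogFile.OverwritePolicy & "")
        Case "whenneeded"
            strPolicy = "Overwrite events as needed"
            If intPct >= WARN_PERCENT Then strNote = "oldest events will be overwritten soon; archive the log or raise its maximum size"
        Case "outdated"
            strPolicy = "Overwrite events older than " & objLogFile.OverwriteOutDated & " days"
            If intPct >= WARN_PERCENT Then strNote = "log may fill before events age out; archive the log or raise its maximum size"
        Case "never"
            strPolicy = "Do not overwrite events (clear logs manually)"
            If intPct >= WARN_PERCENT Then strNote = "log is close to full and must be archived and cleared by hand"
        Case Else
            strPolicy = "Unknown (" & objLogFile.OverwritePolicy & ")"
    End Select

    WScript.Echo objLogFile.LogFileName & ": " & Int(dblSize / 1024) & " KB of " & _
        Int(dblMax / 1024) & " KB (" & intPct & "%), " & objLogFile.NumberOfRecords & " records"
    WScript.Echo "    Policy: " & strPolicy
    If strNote <> "" Then WScript.Echo "    WARNING: " & strNote
Next
```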

Archiving the Event Logs
------------------------
Logs can be archived in three formats:

Event log format for access in Event Viewer

Tab-delimited text format, for access in text editors or word processors or import into spreadsheets and databases

Comma-delimited text format, for import into spreadsheets or databases

Creating Log Archives in the Event Viewer Format:
In the Computer Management console, double-click the Event Viewer entry. You should now see a list of event logs.

Right-click the event log you want to archive and select Save Log File As from the shortcut menu.

In the Save As dialog box, select a directory and a log filename.

In the Save As Type dialog box, Event Log (*.evt) will be the default file type.

Choose Save.

Creating Log Archives In Other Formats:
In the Computer Management console, double-click on the Event Viewer entry. You should now see a list of event logs.

Right-click on the event log you want to archive and select Save Log File As from the shortcut menu.

In the Save As dialog box, select a directory and a log filename.

Using the Save As Type drop-down list box, select the Text or CSV log file format.

Choose Save.

Rotate logs
-----------
Here’s a VBS script that will save your event log and clear it. Put this in a scheduled task.

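' Back up the Application event log to a timestamped .evt file, then clear it.
strComputer = "."
' The Backup privilege is required to call BackupEventLog.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile Where LogFileName='Application'")
For Each objLogFile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\application" & Year(Now) & "_" & Month(Now) & "_" & Day(Now) & "_" & Hour(Now) & "_" & Minute(Now) & ".evt")
    ' Clear the log only if the backup succeeded (return value 0), so no events are lost.
    If errBackupLog = 0 Then objLogFile.ClearEventLog
Next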

References:
http://msdn.microsoft.com/en-us/library/aa394593%28v=vs.85%29.aspx
http://ss64.org/viewtopic.php?id=1269

Posted on September 2, 2011, in Uncategorized, Windows.