Event Logs: Concepts
occurrence of an
activity of the WS2003 operating system, an installed component, or
an application. Events are generated automatically and are recorded
in event logs, which can then be viewed and analyzed using the Event
Viewer console in Administrative Tools. The key is to use Event
Viewer to regularly monitor the event logs on your servers and deal
with any situations that arise. You can use Event Viewer to search
for or filter particular types of events if the log becomes
excessively large. It's also important to configure
the size limit and retention period for event logs as soon as you set
up a new server. Logs can wrap (newer events start overwriting older
ones) once they reach a certain size, but this may cause important
information to be lost. It's better to configure a
decent chunk of disk space for each log and then archive and clear
logs regularly, so that your information is saved but disk space is
freed up.
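
The size limit, retention setting, and archive-then-clear routine described above can be scripted. The following is an added example, not code from the book: it assumes Windows PowerShell 2.0 or later run from an elevated prompt, and the archive folder, size, and retention values are hypothetical choices.

```powershell
# Added example. D:\LogArchive, 64MB and 14 days are hypothetical values.
$ArchiveDir = 'D:\LogArchive'
$Logs       = 'System', 'Application', 'Security'
$MaxSize    = 64MB    # must be a multiple of 64 KB
$KeepDays   = 14      # archive more often than this, or new events are dropped when the log fills

if (-not (Test-Path $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
}

foreach ($name in $Logs) {
    # Size limit and retention: only events older than $KeepDays may be overwritten.
    Limit-EventLog -LogName $name -MaximumSize $MaxSize `
                   -OverflowAction OverwriteOlder -RetentionDays $KeepDays

    # -EnableAllPrivileges is required to back up or clear the Security log.
    $log = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges `
                         -Filter "LogFileName='$name'"
    if (-not $log) {
        Write-Warning "The $name log was not found on this computer."
        continue
    }

    # A timestamped name avoids a failure caused by an existing archive file.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $ArchiveDir "$env:COMPUTERNAME-$name-$stamp.evt"

    # Archive first; clear only if the archive was written successfully.
    $backup = $log.BackupEventlog($file)
    if ($backup.ReturnValue -ne 0) {
        Write-Warning "Archive of the $name log failed (code $($backup.ReturnValue)); log not cleared."
        continue
    }

    $clear = $log.ClearEventlog()
    if ($clear.ReturnValue -ne 0) {
        Write-Warning "Archived the $name log to $file, but clearing failed (code $($clear.ReturnValue))."
    } else {
        Write-Output "Archived and cleared the $name log: $file"
    }
}
```

Clearing the Security log writes its own audit event, so the archived files and that event together preserve a record of when each log was emptied.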
Default Logs
Three event logs are present on every WS2003 computer:
- System log
  This log contains events generated by activities of the operating
  system. Examples of system events include the activities of services
  such as the Net-Logon service, failures of drivers to initialize
  properly, changes in the role of a server from member server to
  domain controller, and so on. System events come in three flavors:
  - Information events
    These events simply describe normal activities that have occurred,
    such as the successful startup of the Event Log service itself, the
    establishment of a remote access connection, a browser forcing an
    election on the network, and so on. Some information events also
    record failures of certain activities that have no real consequence
    on network operations.
  - Warning events
    These events describe occurrences that may be problems, such as
    failure of dynamic registration of a DNS name due to DNS client
    misconfiguration, failure of the Windows Time Service to find a
    domain controller, space running low on a disk, a scope on a DHCP
    server being 100% leased, and so on. You might be able to get by for
    a while with a warning, but you should resolve the problem as soon
    as you can.
  - Error events
    These events describe critical occurrences that could result in loss
    of data or other significant problems. Error events include the
    failure of a required service such as failure of a workstation to
    initialize, the refusal of a dynamic DNS update from a DNS server,
    the PDC emulator of the forest root domain not having its time
    synchronized with a member server or clocking device, failure of a
    device driver, and so on.
- Application log
  This log contains events generated by applications running on the
  computer. The vendor must specifically code its applications to
  generate these events. Application events are usually helpful only
  when you give the information to the vendor to help troubleshoot
  problems you are encountering. However, some WS2003 system events are
  also logged here, such as Dr. Watson events for application failures,
  security events related to Group Policy, violations of export
  cryptography restrictions for IPSec, IIS activities involving Active
  Server Pages (ASP) functionality, and so on. Application log events
  are also either information, warning, or error events.
- Security log
  This log contains events generated when auditing is configured on the
  computer (for more information, see Auditing earlier in this
  chapter). A security log event is one of the following:
  - Success events
    These indicate that the audited action occurred successfully; for
    example, a user successfully logged on to the network, successfully
    accessed a file on a share, or successfully exercised a system right
    he possesses.
  - Failure events
    These indicate that the audited action failed in its attempt; for
    example, a user tried to log on but failed because she entered a
    wrong password, tried to access a mapped drive but couldn't because
    of permission problems, tried to access a printer object in Active
    Directory but was refused, and so on.
Additional Logs
Depending on which optional WS2003 components are installed on your
computer, other event logs may be displayed by Event Viewer:
- Directory service log
  This log records the activities of Active Directory and is present on
  WS2003 domain controllers. Events are either information, warning, or
  error type.
- DNS server log
  This log records the activities of a WS2003 DNS server. Events are
  either information, warning, or error type.
- File Replication Service log
  This log records the activities of the File Replication Service (FRS)
  on a WS2003 computer on which DFS is configured. Events are
  information, warning, or error type.