Tuesday, December 21, 2010

【 Weak current College 】 Server maintenance: Event Viewer basics


Event Viewer acts as the operating system's doctor: signs of trouble leave traces in it. A competent system and security administrator regularly reviews the application, security, and system logs to check for illegal logons, abnormal system shutdowns, program execution errors and similar information, and uses the event properties to determine the source of an error and the key points for handling it, so that the operating system and applications work correctly. This article introduces some Event Viewer basics as experience and reference for the security maintenance staff who maintain systems.

1. Getting to know Event Viewer

Event Viewer is an operating system tool. Microsoft Windows Event Viewer is like a thick system logbook: you can use it to view information about hardware, software and system problems, and to monitor Windows security events in the operating system. There are three ways to open Event Viewer:

(1) Click "Start" - "Settings" - "Control Panel" - "Administrative Tools" - "Event Viewer" to open the Event Viewer window.

(2) In the "Run" dialog box, manually type "%SystemRoot%\system32\eventvwr.msc /s" to open the Event Viewer window.

(3) In the "Run" dialog box, enter "eventvwr" or "eventvwr.msc" to open Event Viewer directly.

2. Log types recorded in Event Viewer

Event Viewer records three types of logs:

(1) The application log

Contains events logged by applications or system programs, mainly events about program execution. For example, a database program can record a file error in the application log. Program developers decide which events to monitor. If an application crashes, we can look in the application log for the corresponding record, which may help resolve the problem.

(2) the security log

Records events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files or other objects. The administrator can specify which events are recorded in the security log. In the default configuration, security logging is turned off. The administrator can use Group Policy to turn on security logging, or configure an audit policy in the registry so that the system stops responding when the security log is full.

(3) the system log

Contains events recorded by Windows XP system components. For example, the failure of a driver or other system component to load during startup is logged in the system log. By default, Windows records system events in the system log. If the computer is configured as a domain controller, it will also contain the directory service log and the file replication service log; if the computer is configured as a Domain Name System (DNS) server, it will also record the DNS server log. When Windows starts, the "Event Log" service (EventLog) starts automatically. All users can view the application and system logs, but only administrators can access the security log.

Event Viewer mainly records five kinds of events. The icon on the left of the Event Viewer screen shows how the Windows operating system classifies the event. Event Viewer displays the following types of events:

(1) Error: a significant problem, such as loss of data or loss of functionality. For example, if a service cannot be loaded during startup, an error is logged.

(2) Warning: an event that is not necessarily significant but can point to a potential problem. For example, if hard disk space is low, a warning is logged.

(3) Information: an event that describes the successful operation of an application, driver, or service. For example, if a network driver loads successfully, an information event is logged.

(4) Success Audit: an audited security access attempt that succeeded. For example, a user's successful attempt to log on to the system is logged as a "Success Audit" event.

(5) Failure Audit: an audited security access attempt that did not succeed. For example, if a user tries to access a network drive but does not succeed, the attempt is logged as a "Failure Audit" event.
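
The regular review of the three logs and five event types described above can also be scripted. The following PowerShell script is an added example, not part of the original article. It assumes Windows PowerShell with the Get-EventLog cmdlet, an administrator session for the security log, and a 7-day review window chosen for illustration.

```powershell
# Added example: periodic review of the Application, System and Security logs.
# Assumes Windows PowerShell 5.1 or earlier, where Get-EventLog is available.
# Run from an administrator session; otherwise the Security log cannot be read.

$days  = 7                               # review window (assumed value)
$since = (Get-Date).AddDays(-$days)

# Application and System logs: count Error and Warning events per source,
# so that a repeatedly failing service or program stands out.
foreach ($log in 'Application', 'System') {
    Write-Output "== $log log: errors and warnings since $since =="
    $entries = @(Get-EventLog -LogName $log -EntryType Error, Warning `
                     -After $since -ErrorAction SilentlyContinue)
    if ($entries.Count -eq 0) {
        Write-Output 'No matching events.'
        continue
    }
    $entries |
        Group-Object -Property EntryType, Source |
        Sort-Object -Property Count -Descending |
        Select-Object -First 10 -Property Count, Name |
        Format-Table -AutoSize
}

# Security log: Failure Audit events, such as logon attempts that did not succeed.
# This returns nothing useful if auditing has not been turned on by policy.
Write-Output "== Security log: failure audits since $since =="
try {
    $failed = @(Get-EventLog -LogName Security -EntryType FailureAudit `
                    -After $since -ErrorAction Stop)
} catch {
    # Covers both "access denied" and "no matching events".
    $failed = @()
    Write-Warning "Security log: $($_.Exception.Message)"
}

# Show the most recent failure audits with the fields needed to follow up
# in the event properties dialog.
$failed |
    Sort-Object -Property TimeGenerated -Descending |
    Select-Object -First 20 -Property TimeGenerated, EventID, Source, UserName |
    Format-Table -AutoSize
```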

In the next article, "Event Viewer server maintenance examples", we will explain how to work with Event Viewer in detail, using screenshots of the operating procedure.




