Chapter 16. Event Logs and Log Files
Event logs provide a standard way for the operating system, services, and applications to record important actions (e.g., application failures), report status messages, keep track of security events, and log boot up messages. In this way, event logs are similar to the syslog facility on UNIX and Linux platforms. They can be an extremely useful resource when you need to troubleshoot specific issues and are often the first places we look when trying to diagnose a problem. In fact, it is good to periodically check your event logs to find any application or system components that are failing without you knowing.
In addition to the event logs, Windows XP also has several log files that you can use to monitor and troubleshoot specific problems. The last few recipes we cover in this chapter describe how to enable some of the more important log files and in what situations you might want to use them.
Using a Graphical User Interface
There are two graphical tools that you should be familiar with for querying and viewing event log messages. Event Viewer (eventvwr.msc) has been around since the early days of Windows NT and is provided out of the box under Administrative Tools. It is a simple MMC snap-in that lets you view and filter messages in the event logs. You can also view the event logs on a remote machine with it, but depending on the size of the logs on the remote system and the network connection in between, this can be a painfully slow ...