• Using Event Viewer• Event Levels• Creating Custom Views• Windows Logs• Monitoring Performance

• Event Viewer is one of the primary tools to watch a Windows system

• You can double click on any event in the center pane

• Provides important details for troubleshooting purposes– Source– Event ID– User

• Event Levels• Information events—indicates a change has

occurred or describe a successful completion of an operation

• Critical events—is an event that an application or component cannot automatically recover from

• Error events—indicate a problem has occurred external to the application that might impact functionality

• Event Levels• Warning events—indicate events that may

lead to a problem in the future

• Not a new feature in 2008• Does allow to save custom views which is a

new feature• Some custom views are created automatically– Server roles—each time you add a server role, a

custom view is created– Administrative events—shows critical, error and

warning events from all administrative logs

• Application—logs events from applications.• Security—displays all audited events. Events

include file auditing (who is accessing the file), logon events and other objects.

• System—logs events related to the operating system. A service not starting would be logged to the system event log

• Monitoring tools:– Performance Monitor—uses objects and counters

to monitor performance– Resource Monitor—constantly running and

capturing counters on the core four resources of your system.• Processor• Memory• Disk subsystem• Network Interface