In this article, we will discuss Windows logging, how to use the Event Viewer, and where the Windows logs are stored.
Windows server options include a robust logging and management system for logs. These logs record events as they happen on your server, whether they come from a user process or a running process. This information is very helpful when troubleshooting services and other issues, or when investigating a security problem.
Windows references logs as events, while Plesk and most other systems call them logs. For standardization, they are called logs in this article. Follow along below to see how you can use the Event Viewer to review your logs and investigate issues.
Accessing The Event Viewer
The first step in accessing the Event Viewer is to connect to your server. Gaining access to the server can be accomplished through the Console button in Manage, or through a manual RDP connection.
Once you have connected to your Windows server, you will need to log in to your administrator account. Once logged in, click the Start menu, then Event Viewer.
Using The Event Viewer
The Event Viewer is a system application included on all versions of Windows servers. This program allows you to view logs recorded to it by applications and the system. The Event Viewer has four main views you will see when you first launch the application:
- Custom Views
- Windows Logs
- Applications and Services Logs
For this article, we will focus mainly on the Windows Logs. The project you are hosting may have you reference the application logs for programs you use, which may be outside the scope of this article.
All logs are assigned an event level. This event level denotes the severity of any issue noted in the log. The list below is ordered by severity.
- Audit Success – (Security category only)
- Audit Failure – (Security category only)
You will also notice that Windows logs are broken down into categories. These classifications are listed below, along with some quick info about each section.
Application – Logs related to drivers and other system components
Security – Logs pertaining to successful and failed logins, and other authentication requests
Setup – Logs associated with Windows install and updates
System – Logs linked to uptime, service status changes, and other messages generated by the operating system
Forwarded Events – Logs from a remote server, forwarded to this server
Clicking on any of the categories above will load all of the saved logs for that category. The logs will, by default, be arranged in chronological order. You can also modify how the logs are arranged by clicking on any of the column headers.
Clicking on any specific record will bring up some general information about the log, like the time of the log entry, the log entry level, its ID and source, as well as a variety of other information that can be used to identify an issue.
Clicking on Details will provide you with the raw log data, which offers considerably more detail that can be used to investigate and solve problems.
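The same review can be done from PowerShell when you are investigating a security problem. The following is an added example, not part of the original article: it reads Audit Failure logon entries from the Security category and groups them by account and source address. The function names, the sample XML, and the choice of event ID 4625 (the standard Windows ID for a failed logon) are assumptions of this example.

```powershell
# Added example: summarize failed logons (event ID 4625, level "Audit Failure") in the Security log.
# Run from an elevated PowerShell session; reading the Security log requires administrator rights.
function ConvertFrom-LogonEventXml {
    # Flattens the raw XML of one event (the same data the Details tab shows) into an object.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $data = @{}
        foreach ($node in $doc.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        [pscustomobject]@{
            TimeCreated = [datetime]$doc.Event.System.TimeCreated.SystemTime
            Account     = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            LogonType   = $data.LogonType   # 3 = network, 10 = Remote Desktop
            SourceIp    = $data.IpAddress
        }
    }
}

function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    # Get-WinEvent writes an error when nothing matches; suppress it and return nothing.
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) { return }
    $events | ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml |
        Group-Object Account, SourceIp, LogonType | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Count     = $_.Count
                Account   = $_.Group[0].Account
                SourceIp  = $_.Group[0].SourceIp
                LogonType = $_.Group[0].LogonType
                Last      = ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum
            }
        }
}

# Constructed sample event (not from a real server) to try the parser without touching a live log.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2024-01-15T10:23:45.000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">Administrator</Data><Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">10</Data><Data Name="IpAddress">203.0.113.10</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-LogonEventXml
Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

A high count for one account from a single source address within a short window is the pattern to look at first; compare it against the Audit Success entries for the same account.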
Lastly, the default location of these logs can be found in the following folder on the server: