Archive for May, 2008


Checking System Logs

May 19, 2008

Most network operating systems and modern client systems maintain their own log files, and it’s a good idea to check these logs on a regular basis – once a day is a good idea, especially for servers. Checking the logs achieves two things: It can tell you why a certain problem has occurred, and it can alert you to a problem that may get worse if not treated.

With a fault-tolerant server, examining the system logs regularly is vital because some component failures will be logged, but, because the system has redundant items, the server may still run as if nothing has happened – it’s both good and bad to discover that one of your mirrored drives actually failed several weeks ago without anyone noticing: good that the system kept running, bad the no-one realized that a disk replacement is needed to maintain full fault tolerance.


Windows’ Event Viewer (NT/2000/XP) displays any errors or problems that have occurred in your system. If a user repeatedly failed at their logon, for example, this might be recorded in the appropriate view in the Event Viewer tool. That information could be the clue you need to determine that a user is locked out, either because they forgot their password or because someone has been trying to hack into that account. The three main logs managed by NT/2000/XP are as follows:

The System Log
This tracks three main types of events: information (non-critical system events), warnings (events that might need checking), and errors (software or hardware component failures).

The Security Log
This tracks security events based on a domain’s audit policy – these events include successful or unsuccessful login attempts, files accessed, and resources used. This log can be especially useful when someone cannot access a network resource.

The Application Log
This log tracks events for network services and applications (for example, DHCP and WINS events, and events from other BackOffice products, such as SQL Server).