Event Viewer is also useful for monitoring network information. Specifically, you can use the logs to view any information, warnings, or alerts related to the proper functioning of the network. You can access Event Viewer by selecting Administrative Tools ➢ Event Viewer. Clicking any of the items in the left pane displays the various events that have been logged for each item. Figure 16.15 shows the contents of the Directory Service log.
Each event is preceded by a blue i icon. That icon designates that these events are informational and do not indicate problems with the network. Rather, they record benign events such as Active Directory startup or a domain controller finding a global catalog server.
A yellow warning icon or a red error icon, both of which are shown in Figure 16.16, indicate problematic or potentially problematic events. Warnings usually indicate a problem that wouldn’t prevent a service from running but might cause undesired effects with the service in question. For example, I was configuring a site with some fictional domain controllers and IP addresses. My local domain controller’s IP address wasn’t associated with any of the sites, and Event Viewer generated a warning. In this case, the local domain controller could still function as a domain controller, but the site configuration could produce undesirable results.
FIGURE 16.16 Information, errors, and warnings in Event Viewer
Error events almost always indicate a failed service, application, or function. For instance, if the dynamic registration of a DNS client fails, Event Viewer will generate an error. As you can see, errors are more severe than warnings because, in this case, the DNS client cannot participate in DNS at all.
Double- clicking any event opens the Event Properties dialog box, as shown in Figure 16.17, which displays a detailed description of the event.
FIGURE 16.17 An Event Properties dialog box
Event Viewer can display thousands of different events, so it would be impossible to list them all here. The important points of which you should be aware are the following:
■ Information events are always benign.
■ Warnings indicate noncritical problems.
■ Errors indicate show- stopping events.
Let’s discuss some of the logs and the ways you can view data.
Applications and Services The applications and services logs are part of Event Viewer where applications (for example, Exchange) and services (DNS) log their events. DFS events would be logged in this part of Event Viewer. An important log in this section is the DNS Server log (see Figure 16.18). This is where all of your DNS events get stored.
FIGURE 16.18 The applications and services DNS Server log
Custom Views Custom views allow you to filter events (see Figure 16.19) to create your own customized look. You can filter events by event level (critical, error, warning, and so on), by logs and by source. You also have the ability to view events occurring within a specific timeframe. This allows you to look only at the events that are important to you.
FIGURE 16.19 Create Custom View dialog box
Subscriptions Subscriptions allow a user to receive alerts about events that you predefine. In the Subscription Properties dialog box (see Figure 16.20), you can define what type of events you want notifications about and the notification method. The Subscriptions section is an advanced alerting service to help you watch for events.
FIGURE 16.20 Subscription Properties dialog box