Windows Server stores most of its logs, events, warning of various actions, tasks on Event Viewer. It’s an administrative tool that could help to solve many issues or just to monitor the general situation periodically.
Accessing Event Viewer
- Connect to your Windows Server;
- Press the “Start” button and enter “Event Viewer” in the search box;
- You will find the Event Viewer on the search results easily, open the application.
Using Event Viewer
The most relevant information about your Windows Server is on the “Windows Logs” menu. On this menu, you have 3 main categories:
- Application: The Application part records all the events that are about the Windows system and its components, for example, built-in drivers, applications, services.
- System: The System part records all the events about installed software, applications
- Security: The Security part records all the events regarding access. Connections to server itself(remote access) or connections(log-in attempts) to server applications like mysql and others.
The logs can also be different, here are the main ones:
- Information: Have information on general operations, their execution, and completion.
- Warning: Have information on small scale events that may lead to more serious problems. An example could be a lack of disk size, some application failure.
- Error: Have information on a serious problem, an error that may affect server performance. For example, a failure to load an app on startup
- Success Audit: Have information on a successful log in.
- Failure Audit: Have information on a failed login attempt.
Every event has the EventID that is set by Microsoft and each of the EventIDs have its own meaning. Basically, if you want to check some event what it means, you can just copy the EventID and search it online(on any search engine).
In the example below the Event is Warning type with EventID 6001. Another thing you should consider is “Source“. You can try to check the EventID online and you should easily find an explained information about this event.