Checking event logs

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Checking event logs

Depending on its server role, a computer running a Windows Server 2003 operating system records events in the following types of logs: application, security, directory service, File Replication service, and DNS server. You can use Event Viewer to monitor these logs and gather information about the hardware, software, and system problems on a computer. Event Viewer displays five types of events within each log: error, warning, information, success audit, and failure audit.

Some of the most common tasks are viewing an event log and connecting to another computer. You can also check event logs from the command line. For more information, see Managing event logs from the command line. For more information about other tasks for checking event logs, see Event Viewer How To....

To view an event log

  1. Open Event Viewer.

  2. In the console tree, click the log you want to view.

  3. In the details pane, view the list of individual events.

  4. If you want to see more details about a specific event, in the details pane, double-click the event.

Notes

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials. However, you must be a member of the Administrators group on the target computer to open the Security log, or any log when targeting a remote computer.

  • To open Event Viewer, click Start, click Control Panel, double-click Administrative Tools, and then double-click Event Viewer.

  • To refresh the view, on the Action menu, click Refresh. When you open a log, Event Viewer displays the current information for the log. While you view the log, the display is not updated unless you refresh the Event Viewer window. If you switch to another log and then return to the first log, the display for the first log is automatically refreshed. When you refresh the view of an event log, only the view is updated, no changes are made to the log. The Refresh command is not available for archived logs, because those files can no longer be updated.

To connect to another computer

  1. Open Event Viewer.

  2. In the console tree, right click Event Viewer (Local), and then click Connect to another computer.

  3. Click Another computer, type the name of the computer, and then click OK. You can also find another computer on the network by clicking Browse.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open Event Viewer, click Start, click Control Panel, double-click Administrative Tools, and then double-click Event Viewer.

  • The other computer can be a workstation running Windows XP Home Edition, Windows XP Professional, Windows 2000 Professional, Windows NT Workstation, or a server or domain controller running Windows NT Server, Windows 2000 Server, or a Windows Server 2003 operating system.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.