Managing Plain-Text Logs
Microsoft® Windows® 2000 Scripting Guide
In addition to the event logs, various Windows 2000 services record event information in plain-text log files. Plain-text logs are often used to store a large quantity of information that does not need to be (or perhaps should not be) stored in the event logs. For example, if the thousands of events generated each day by a Web server on an intranet were all recorded in event logs, the event logs would be far more difficult to filter and analyze. Because of this, it makes sense to log Internet Information Services events in a plain-text log instead of an event log.
A typical Windows 2000 domain controller might have 200 or more of these logs that store event information for such things as File Replication service replication, DHCP server activities, and Internet Information Services sessions. A partial list of Windows 2000 Server plain-text logs is shown in Table 12.7.
Table 12.7 Plain-Text Logs Used in Windows 2000 Server
| Log Name | Format | Description |
|---|---|---|
| DCPromoUI.log | Fixed-width | Contains a detailed report of the Active Directory® directory service installation and removal process, including the name of the source domain controller used for replication and the directory partitions and number of items that were replicated. |
| DCPromo.log | Fixed-width | Records settings used during the promotion or demotion of a domain controller, including site name, location of Active Directory log and database files, and configuration of services and security settings. |
| Netsetup.log | Fixed-width | Records events that occur when joining a computer to a domain. |
| Netlogon.log | Fixed-width | Records errors that occur when the Net Logon service attempts to dynamically create a DNS record. If this log is blank, that means no errors have occurred. |
| Ntfrs.log | Fixed-width | Records events that occur each time the File Replication Service runs. |
| Userenv.log | Text | Records events that occur when a computer processes user profiles and Group Policy. |
| DHCPSrvLog | Comma-separated | Records DHCP server events. |
Managing plain-text logs has always been difficult because of the large number of logs used on a computer and the large amount of information stored in each log. In addition, Windows 2000 Server log files can use different text formats: comma-separated values, fixed-width text, or a unique formatting scheme. It is difficult to import these files into a single application where the events can be filtered, sorted, and analyzed.
Scripts can help manage plain-text log files. A script can automatically parse a set of log files to extract and reformat the data or to search for a particular event. Because scripts can handle different log-file formats, they can also take data from disparate sources and combine this data in a central database.
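The approach described above, as an added example that is not from the Scripting Guide: a Python script that parses a comma-separated log and a fixed-width log into one record shape, merges them in time order, and searches the result. The sample lines are constructed, the DHCP field order and the fixed-width column offsets are assumptions, and all function names are hypothetical.

```python
import csv
import io
from datetime import datetime

# Constructed sample; the comma-separated field order is an assumption.
DHCP_SAMPLE = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/14/02,09:15:02,Assign,192.168.1.20,wks-01.example.test,00A0C9112233
11,03/14/02,09:45:10,Renew,192.168.1.20,wks-01.example.test,00A0C9112233
"""

# Constructed fixed-width sample; these column offsets are an assumption,
# not the documented layout of any particular Windows log.
FIXED_SAMPLE = """\
03/14/02 09:20:41 JoinDomain      contacting dc01.example.test
03/14/02 09:50:00 JoinComplete    wks-01 status 0x0
"""
FIXED_COLUMNS = {"date": (0, 8), "time": (9, 17), "event": (18, 34), "detail": (34, None)}


def _stamp(date, time):
    return datetime.strptime(f"{date} {time}", "%m/%d/%y %H:%M:%S")


def parse_dhcp(text, source="DHCPSrvLog"):
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7 or not row[0].strip().isdigit():
            continue  # header or banner line, not an event row
        _id, date, time, desc, ip, host, mac = (c.strip() for c in row)
        yield {"when": _stamp(date, time), "source": source,
               "event": desc, "detail": f"{ip} {host} {mac}"}


def parse_fixed(text, source):
    for line in text.splitlines():
        cut = {k: line[a:b].strip() for k, (a, b) in FIXED_COLUMNS.items()}
        try:
            when = _stamp(cut["date"], cut["time"])
        except ValueError:
            continue  # blank or continuation line without a timestamp
        yield {"when": when, "source": source,
               "event": cut["event"], "detail": cut["detail"]}


def merge(*streams):
    """Combine normalized events from every log into one time-ordered list."""
    return sorted((e for s in streams for e in s), key=lambda e: e["when"])


def search(events, text):
    """Case-insensitive search across the event name and detail."""
    text = text.lower()
    return [e for e in events if text in f'{e["event"]} {e["detail"]}'.lower()]
```

Because every parser yields the same keys, the merged list can be written to a single database table or filtered by host, as in `search(events, "wks-01")`.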