Event Logs in Server Core

This week I’m going to talk a bit about event logs, since they are so important to figuring out any issues that might be occurring on a server. You can either view the event logs remotely using the Event Viewer MMC or locally using command line tools.

 

Remote Event Log access

From a Server or Vista installation, you can use the Event Viewer MMC snap-in to remotely view the event logs. Although you can use the Windows XP or Windows Server 2003 Event Viewer, it doesn’t support all of the new functionality available with the event logs, so using the new version for remote viewing is recommended.

 

Command Line Event Log access

Working with the event logs from the command line has improved in Longhorn Server. The old eventquery VBScript has been replaced by a new command line tool: wevtutil.exe. The el switch lists the event logs, which you can then query with the qe switch. However, wevtutil does much more than just let you query for events: it also lets you export, archive, clear, and configure the logs from the command line. Wevtutil.exe also supports remote operation, so it can be used in scripts from a Vista or Server install.
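As an added example (not from the original post), here is a batch script that walks through the wevtutil switches described above to list, query, configure, export and archive logs on the local machine. The output folder, event counts and size value are assumed; appending /r:<computername> to the query commands runs them against a remote server.

```batch
@echo off
rem Added example: collect event log data on a Server Core box with wevtutil.
rem OUTDIR is an assumed path; run from an elevated prompt to read Security.
setlocal
set OUTDIR=C:\EventLogExport
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem 1. el (enum-logs): write the names of all logs to a file for reference.
wevtutil el > "%OUTDIR%\log-names.txt"

rem 2. gl (get-log): show the configuration (size, retention, path) of a log.
wevtutil gl Security

rem 3. qe (query-events): newest 20 System events, as readable text.
rem    /c = count, /rd:true = newest first, /f:text = plain text output.
wevtutil qe System /c:20 /rd:true /f:text

rem 4. qe with an XPath filter: Critical (1) and Error (2) events from the
rem    last 24 hours (86400000 ms), saved for later review.
wevtutil qe System /rd:true /f:text /q:"*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) <= 86400000]]]" > "%OUTDIR%\system-errors-24h.txt"

rem 5. sl (set-log): raise the Security log maximum size to 100 MB (bytes)
rem    so events are not overwritten before they can be reviewed.
wevtutil sl Security /ms:104857600

rem 6. epl (export-log): save a full copy of the Security log as .evtx.
wevtutil epl Security "%OUTDIR%\Security.evtx"

rem 7. al (archive-log): add locale metadata so the exported file displays
rem    full message text when opened in Event Viewer on another machine.
wevtutil al "%OUTDIR%\Security.evtx" /l:en-US

echo Export complete: %OUTDIR%
endlocal
```

The exported .evtx file can be opened in the Event Viewer MMC on a Vista or Server machine, which ties the command line workflow back to the remote viewing option above.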

 

If anyone has suggestions for topics they would like me to talk about, please let me know.

 

Andrew