Event Log Monitoring Without Using the Event Log

by Greg Shields

Looking at performance only gives you one component of system behavior. Another component entirely is the actual activities the system undertakes as it accomplishes its mission. Most applications today are written with built-in instrumentation that sends log messages to the Windows event logs as they complete certain tasks. Even more common are the events written when tasks attempt to run but fail.

The problem with the Windows event log is its sheer size. Digging through a Windows server to find a specific log entry can mean delving through thousands or tens of thousands of entries. Even with the viewer improvements to the event log that arrived with Windows Server 2008, this process remains problematic.

Adding to the challenge of working with the Windows event log is the ever-increasing complexity of today’s applications. Many applications now operate as services on more than one computer. These computers interact to create a service that is ultimately consumed by users.

Troubleshooting problems across multiple servers adds a significant challenge because of the server-centric nature of the event log. Without special configuration, a Windows event log gathers and stores events for only a single Windows server. If your troubleshooting requires you to compare events across the multiple servers that make up an application, you will need some way to gather those events together.

What is needed are solutions that gather event log data on your behalf, storing it in easier-to-use databases for later retrieval. Gathering event entries in this way makes it easy to call up all the entries from multiple servers in a single view. There, aligned by time, it becomes possible to see how a particular behavior unfolds across all the systems that make up the application.
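The cross-server, time-aligned view described above can be approximated without a dedicated product. The following PowerShell script is an added example, not code from the article or from any of the products it names; the server names and output path are assumptions to replace with your own.

```powershell
# Added example (not from the article): pull Critical/Error entries from the
# System and Application logs of several servers, normalise timestamps to UTC
# so entries from different machines line up, and export one time-ordered view.
$servers = 'APP01', 'APP02', 'SQL01'          # hypothetical hosts behind one application
$logs    = 'System', 'Application'
$since   = (Get-Date).AddHours(-24)
$outFile = 'C:\Temp\combined-events.csv'      # assumed output location

# Level 1 = Critical, 2 = Error. The hashtable filter runs server-side, so only
# matching records cross the network rather than the whole log.
$filter = @{ LogName = $logs; Level = 1, 2; StartTime = $since }

$events = foreach ($server in $servers) {
    try {
        Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{ Name = 'TimeUtc'; Expression = { $_.TimeCreated.ToUniversalTime() } },
                          @{ Name = 'Server';  Expression = { $_.MachineName } },
                          LogName, ProviderName, Id, LevelDisplayName,
                          @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
    }
    catch {
        # An unreachable server, or one with no matching events, raises an error;
        # note it and keep collecting from the remaining servers.
        Write-Warning "$server : $($_.Exception.Message)"
    }
}

# One view, aligned by time, across every server that makes up the application.
$events | Sort-Object TimeUtc | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# Quick summary of which server and event source produced the most faults.
$events | Group-Object Server, ProviderName | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize
```

Converting to UTC removes time-zone differences between servers but not clock skew, so the alignment is only as good as the servers' time synchronisation.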

Many of the solutions in this space are similar to those that fulfill the needs of system performance monitoring. In essence, once a software vendor has built the database and connections necessary to gather PerfMon entries, it becomes easy to tack on event log support. Solutions such as the NetWrix Event Log Manager, EventSentry, TNT Software ELM Event Log Manager, and System Center Operations Manager, among others, create rich databases of information for tracking down faults as they are reported by the services that make up an application.

Important to recognize here is the need to collect event log entries for security and auditing purposes. Most compliance regulations require that event log data be stored externally in specially protected databases. These databases carry extra levels of control to ensure that all but the most highly trusted individuals are prevented from overwriting, deleting, or modifying entries. Solutions such as Secure Vantage Technologies Audit Manager, and others that focus on the needs of auditing, are also often configured for easy reporting on user behaviors. Ensuring that you and your auditors can quickly and easily bring up the needed data goes a long way toward passing your next compliance audit.


About the Author

Greg Shields is an independent author, speaker, and IT consultant, as well as a Partner and Principal Technologist with Concentrated Technology. With 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture, specializing in Microsoft OS, remote application, systems management, and virtualization technologies. He is a Contributing Editor and columnist for TechNet Magazine and Redmond Magazine, and serves as the Series Editor for Realtime Publishers, the world’s leading provider of high-quality content for the IT market. Greg is a highly sought-after and top-ranked speaker for both live and recorded events, and is seen regularly at conferences such as TechMentor Events, Microsoft Tech Ed, VMworld, and more. He is a multiple recipient of the Microsoft “Most Valuable Professional” award.

© 2012 Realtime Publishers