Monitoring Events

Applies To: Windows Server 2008

The Event Viewer is a Microsoft Management Console (MMC) snap-in that enables you to browse and manage event logs. It is an indispensable tool for monitoring the health of systems and troubleshooting issues when they arise.

Event Viewer enables you to perform the following tasks:

  • View events from multiple event logs.

  • Save useful event filters as custom views that can be reused.

  • Work with event logs on remote computers.

  • Schedule a task to run in response to an event.

  • Create and manage event subscriptions.

View Events from Multiple Event Logs

When you use Event Viewer to troubleshoot a problem, you need to locate events related to the problem, regardless of which event log they appear in. Event Viewer enables you to filter for specific events across multiple logs, making it easy to display all events that are potentially related to an issue that you are investigating. To specify a filter that spans multiple logs, you need to create a custom view.

For information about creating custom views, see the following topic:

Reuse Custom Views

When you work with event logs, your primary challenge is to narrow the set of events to just those that you are interested in. Sometimes this is easy; other times this involves a great deal of effort, effort that is lost if you do not have some way to save the view of the logs that you worked so hard to create. Event Viewer supports custom views. After you have queried and sorted your way to the events that you want to analyze, you can save that work as a named view that will be available for you to reuse in the future. You can even export the view and use it on other computers or share it with other people.

For information about view-related tasks, see the following topics:

Work with Event Logs on Remote Computers

You can use the Event Viewer or the wevtutil command at a command prompt to manage event logs on a remote computer.

For information about using a remote computer to view event logs, see the following topic:

Schedule a Task

By using Event Viewer, you can easily automate responses to events. Event Viewer is integrated with Task Scheduler, enabling you to right-click most events to start scheduling a task to run when that event is logged in the future.

For information about associating tasks with events, see the following topic:

Manage Event Subscriptions

You can collect events from remote computers and store them locally by specifying event subscriptions.

For information about creating and managing event subscriptions, see the following topic:

Additional Resources

Explanations and how-to instructions for Event Viewer are available in the Installed Help section of the Windows Server 2008 Technical Library.

Topics covered in this section of the Help include:

For detailed procedural troubleshooting information for individual Windows Server 2008 events (and some Windows Vista events), see the Events and Errors documentation. You can access this content directly from a link in Event Viewer as well as here in the Windows Server 2008 Technical Library.