Posted: Thu Oct 30, 2008 7:05 pm Post subject: Analyzing event logs
I did a search for "Analyzing event logs" on this site but nothing really came up. I'm looking for any links or whitepapers that can give me the best way to go about reviewing these log files. Specifically the security logs.
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
Posted: Fri Oct 31, 2008 4:36 pm Post subject:
I generally start by going to http://www.eventid.net/ and punching in the log information. If I can't find what I need there I will Google the error message and look for more information.
If I am working on a server I tend to be more picky when researching a problem. I try to find an answer within the Technet forums, as the MS support team often directly answers questions there. Additionally, you can often find MS KB articles for specific event log problems, these are usually trustworthy.
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
Posted: Fri Oct 31, 2008 4:56 pm Post subject:
+1 for what Ryan says ..... even if he's got a strange avatar now. just wth is that, Mr S?!
Personally, if i'm wading through an event log I'll first filter the view off so i'm only seeing the warnings and errors then work through them. Google or the search engine of your choice is always a really good place to start and will pickup most sites such as EventID.net, Experts-Exchange, MS's own articles or even that cracking site called SFDC
IMO EventID is worth the subscription for a business as is Experts-Exchange especially as you only need one account for everyone
I'm not sure to recommend beyond that other than get stuck in there and track the errors down. Simply by doing that regularly you'll start to get a feel for what's what and pick the important things from the not so important ones.
the fun really starts getting going when you're pulling all the event logs together from multiple servers and viewing them time sync'd so you can get an overall view of your network.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum