What we Love about the Event Log in Server 2008 and Vista (and what we hate in the old Event Log)

With Vista and Server 2008, we get a complete overhaul of the event log subsystem. This overhaul means that many of the things we used to hate are now gone, and many of the things we love are now available. Let's take a look at both, starting with the old Event Log:

Limited scalability - Total size of all logs must be less than the total available memory.


Event publishing performance - There are limitations to the sheer number of events that can be published during a given period of time, due to performance problems in the event log itself. This had the most effect on Security event logs on DCs.

Limited sorting / filtering functions - Sorting and filtering are highly limited in functionality, and let's not forget the annoyance of new events being added during sort events.

Viewing performance - Large logs (especially Security logs) are nearly impossible to view.

No easy format for offloading / onloading log data - 3rd party tools like EventCombMT were necessary to get valuable information from multiple systems.

No ability for creating and saving custom views and/or custom reports

Inability to actually make use of Security log data without an expensive 3rd party system - Syslog support, but only as a 3rd party add-on.

Challenging to sync events between multiple systems

No ability for cross-system log shipping

Now, let's take a look at what you're going to love in the new Event Log with Vista & Server 2008...

Preview pane - One-screen look at event information without having to double-click every event.


Custom sorting and filtering - Custom sorts and filters can be saved as a “view”. Views can be imported and exported between machines.

Enhanced search

Further segregation of events into disparate log databases

Copy-to-clipboard capability for event data

Time-based event summary

Event forwarding - Send a copy of selected event data to another machine.

Event subscriptions - Here’s some selected stuff from another machine, show it in my local log.

GUI-based event tasking

Greg Shields' Bio:

Greg Shields is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture, specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008: What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets. Greg is a recipient of the Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.