
WServerNews (formerly W2Knews) - Log Management

Vol. 17, #48 - November 26, 2012 - Issue #907


Log Management

  1. Editor's Corner
    • From the Mailbag
    • Log Management
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
  4. Webcast Calendar
  5. Tech Briefing
    • Event Log and Event Management Tips
    • Announcing Microsoft prePress!
    • Active Directory in Hyper-V environments, Part 7
    • SkyDrive: Now with Selective Sync and Shared Content!
    • Download the Exchange Server 2013 Trial
    • Evaluate Microsoft SharePoint Server 2013
  6. Windows Server News
    • Recipe for vSphere shops cooking up software-defined data centers
    • Microsoft Virtual Machine Converter eases VM migrations
    • Re-defining the Windows Azure cloud computing message
    • VDI benefits for enterprise desktop management come at a price
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • Three Free Tools to Simplify Active Directory Administration

 

Three Free Tools to Simplify Active Directory Administration

SolarWinds' free trio of Active Directory Admin Tools helps you manage and remove computers and users from Active Directory, and allows you to add users in bulk. These tools run on current Windows® versions, and they are even certified with Windows 7 through a strategic relationship with Microsoft®. With these tools you can scan Active Directory and optionally remove users and computers that have not logged in for a certain amount of time, or optionally remove computers that are over a certain number of days old. And the User Import Tool allows you to create users in bulk using a CSV file. You can even specify the attributes.

Download Free AD Admin Tools

 

Editor's Corner

This week's issue of WServerNews is about log management. Event logs and other log files on Windows servers can be a lifesaver when it comes to troubleshooting problems when they happen. But there's more, as my lame attempt at Cockney rhyming included here demonstrates:

"I'll need to take that matter up with my parent in the event log."

"You what, mate?"

"You know, event log, log, tree, org chart, manager..."

"Oh! Right. Good 'en!"

From the Mailbag

Before we begin, if you haven't yet tried out Windows Server 2012, why not download it today? Full disclosure: if you click that link, I might win a T-shirt or something, and my wardrobe could definitely use the upgrade...lol

In our issue Top Server Management Resources (Issue 902) we shared the following Tip of the Week: If you plan on deploying a bunch of servers with internal hardware RAID storage, it's better to buy all of the hard drives at the same time from a single vendor. That way all the drives will have the same firmware level, which means they will be less likely to have issues when used in RAID configurations. Plus your service and warranty management will be a lot easier.

We got lots of feedback on this, some of which we shared in our issue Storage Tiering (Issue 903). Here's some more feedback from a reader named Dave who is a Technical Support Advisor for a company in Colorado:

A couple of years ago we ordered 5 Dell workstations with mirrored RAID 1 array (Seagate drives). Within a year, we suffered 50% failure rate (five out of the ten died). In recent months I've replaced three Western Digital 2TB drives in a 7 drive RAID 5 (plus a spare) array. The drives are less than two years old. In one instance, a drive failed. The Promise RAID system integrated the spare into the array as it was supposed to, and I got an advanced replacement coming, but by the time I got it, ANOTHER drive failed, so at that point if any more had failed my array would have been TOAST. I'm thinking I need TWO OR THREE spares!

I only have six people here in my office, but we develop software, and we have a number of servers and test machines. It seems like in the last few weeks I have been replacing one or more a week. I'm worried that my co-workers think that I'm making this stuff up to pad the list of things I do in a week. Do I really have to buy an "Enterprise" class drive to have the thing last to the end of the warranty period?

My response would be that if the workstations are important to your business then yes you should spend the money and buy enterprise class hard drives, but I'd be interested in hearing what our readers think about this: email me at wsn@mtit.com

In our issue Eye on VDI (Issue 904) we talked about what VDI is and how it compares with session virtualization. We also mentioned a few VDI solutions. Dennis, a Network Administrator in California, had yet another solution to recommend:

We use a product called vSpace from NComputing with their L300 zero-client device. It is supposed to be session-based virtualization but we don’t use it that way. We have four users running their own installation of Windows 7 which runs on top of Hyper-V. The vSpace software is installed on each Windows 7 VM. The software shows a menu of possible desktops/servers on the zero-client device and the user selects his/her own virtual machine. It works pretty well. There were some issues at the beginning with video and Flash on web pages. NComputing has a new product called vSpace Server that may be closer to true VDI. We have not tried it.

For more information on NComputing, see the following:
http://www.wservernews.com/go/1353586181833

John, a Microsoft Certified SBS Specialist based in Auckland, Australia, also recommended a solution as follows:

A very good, easy-to-use, totally free, no licence required, with only a JAVA browser as a client, with free VMOTION, hypervisor is:
http://www.wservernews.com/go/1353586188505

I have used VMWare, Citrix Xen server, HyperV, VirtualBox, etc. But Proxmox-ve deserves far more credit. It is deceptively simple on the surface, with all the needed options just one click away.

PS: I make nothing out of this. I just believe a good product like this should be widely promoted.

Also in Eye on VDI (Issue 904) we asked, "Is tape backup dead? Or will it come roaring back because of exponentially rising data archiving requirements?" A reader named Erich replied:

Recently finished upgrading a government (US) research facility that required 14 petabytes of storage. We did a few BCAs and compared tape with spin down capabilities on several hard drive offerings from various vendors. The approach we took was a three-tiered storage concept that used tape only as an offsite DR backup while our data was duplicated to another site several miles away. You cannot beat the cost of tape for offline storage and as a stable backup and recovery scheme. But in this age of redundant arrays capable of spinning down drives and spinning them back up as necessary saves time and money. My two cents.

Another reader named Michael from Indiana responded with the following:

We visited the tape issue back in May (I remember because I responded to it). I have a client that has roughly 5 TB of data at present, and it is growing rapidly. We looked into online storage and found that he couldn’t afford the cost of backup to the cloud. Cost of tape to hold all this growing data was pretty steep as well. I don’t remember the numbers now, but LTO-5 is quite pricey. He currently backs up on inexpensive portable USB drives… and I know at some point something BAD is going to happen. In your opinion, what is the most efficient yet least expensive way to backup big data? I always prefer tape and store the media off-site, but the client isn’t willing to spend the bucks. Your thoughts?

My own response would be to ask your client how much he values his data. Does anyone else have any thoughts on this issue? Email me at wsn@mtit.com

Log Management

In server management, log files basically have two functions: to help track usage of a server, role or feature; and to help you troubleshoot when a problem arises. The Windows event logs are of course the first place you look when you need to troubleshoot an issue or monitor the status of a role or feature.

Windows event logs

The event logs have not changed much since Windows Vista. The best overview of how they work and how to manage them is probably the following section in the TechNet Library:
http://www.wservernews.com/go/1353586219317

The built-in tool for viewing and managing event logs is Event Viewer, and most admins are familiar with the ins and outs of this MMC snap-in. But there are some other in-box tools you can use for managing event logs from the command-line or with scripts:

wevtutil - This command-line tool was introduced in Windows Vista and Windows Server 2008 and can be used for querying and managing event logs. Its syntax and some usage examples can be found here:
http://www.wservernews.com/go/1353586223942

wecutil - This command-line tool was also introduced in Windows Vista and Windows Server 2008 and can be used to create and manage subscriptions to events that are forwarded from remote computers using the WS-Management protocol. For syntax and examples see the following:
http://www.wservernews.com/go/1353586229427

Eventcreate - This command-line tool was also introduced in Windows Vista and Windows Server 2008 and lets you create a custom event in a specified event log. Here's the syntax and some examples of how to use it:
http://www.wservernews.com/go/1353586234067

Eventquery.vbs - This VBscript was first included in Windows XP and Windows Server 2003 to provide a way of querying for events from the command line. Even though this script is still present in Windows Server 2012, it has been deprecated since Windows Server 2008 and should not be used with Windows Server 2008 or later platforms.

Get-EventLog - This cmdlet was first introduced in Windows PowerShell 2.0 and can be used to get events and event logs from local or remote computers. Syntax and examples can be found here:
http://www.wservernews.com/go/1353586271818

There are a bunch of other PowerShell cmdlets you can use for managing events and event logs as the following Get-Command output shows:

PS C:\> get-command *event* -Module Microsoft.PowerShell.* | sort ModuleName | ft -AutoSize

CommandType Name                 ModuleName
----------- ----                 ----------
Cmdlet      New-WinEvent         Microsoft.PowerShell.Diagnostics
Cmdlet      Get-WinEvent         Microsoft.PowerShell.Diagnostics
Cmdlet      Show-EventLog        Microsoft.PowerShell.Management
Cmdlet      Remove-EventLog      Microsoft.PowerShell.Management
Cmdlet      Register-WmiEvent    Microsoft.PowerShell.Management
Cmdlet      New-EventLog         Microsoft.PowerShell.Management
Cmdlet      Clear-EventLog       Microsoft.PowerShell.Management
Cmdlet      Limit-EventLog       Microsoft.PowerShell.Management
Cmdlet      Get-EventLog         Microsoft.PowerShell.Management
Cmdlet      Write-EventLog       Microsoft.PowerShell.Management
Cmdlet      Wait-Event           Microsoft.PowerShell.Utility
Cmdlet      Register-EngineEvent Microsoft.PowerShell.Utility
Cmdlet      Register-ObjectEvent Microsoft.PowerShell.Utility
Cmdlet      Get-EventSubscriber  Microsoft.PowerShell.Utility
Cmdlet      Remove-Event         Microsoft.PowerShell.Utility
Cmdlet      Get-Event            Microsoft.PowerShell.Utility
Cmdlet      Unregister-Event     Microsoft.PowerShell.Utility
Cmdlet      New-Event            Microsoft.PowerShell.Utility

See the Tech Briefing section of this issue for some additional tips from The Scripting Guy on how to manage events and event logs using PowerShell.
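
As an added illustration (not part of the original newsletter), here is how the in-box tools listed above fit together in one PowerShell script: Get-WinEvent audits log capacity and retention, pulls recent errors, and checks for log-cleared events, with the wevtutil equivalents shown in comments. The log names, the 20 MB threshold and the 24-hour window are assumptions chosen for the example.

```powershell
# Added example: audit event log settings, summarize recent errors,
# and check whether a log has been cleared.
# Assumptions: the log names, 20 MB minimum size and 24-hour window are
# illustrative values, not recommendations from the newsletter.
# Run from an elevated prompt; reading the Security log requires it.

$LogNames  = 'Application', 'System', 'Security'
$MinSizeMB = 20
$Since     = (Get-Date).AddHours(-24)

# 1. Capacity and retention. A log that is too small, or that wraps in
#    Circular mode, silently discards the oldest events.
#    wevtutil equivalent for one log:  wevtutil gl Security
$settings = foreach ($name in $LogNames) {
    $log = Get-WinEvent -ListLog $name -ErrorAction Stop
    [pscustomobject]@{
        LogName   = $log.LogName
        Enabled   = $log.IsEnabled
        MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedMB    = [math]::Round($log.FileSize / 1MB, 1)
        Mode      = $log.LogMode          # Circular, AutoBackup or Retain
        Records   = $log.RecordCount
        TooSmall  = ($log.MaximumSizeInBytes / 1MB) -lt $MinSizeMB
    }
}
$settings | Format-Table -AutoSize

# 2. Critical (Level 1) and Error (Level 2) events from the last 24 hours,
#    filtered by the event log service rather than in the pipeline.
#    wevtutil equivalent for one log:
#    wevtutil qe System /q:"*[System[(Level=1 or Level=2)]]" /c:20 /rd:true /f:text
$filter = @{ LogName = 'Application', 'System'; Level = 1, 2; StartTime = $Since }
$errors = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Group by source and event ID so repeating problems stand out.
$errors |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# 3. Log-cleared events: ID 1102 in Security and ID 104 in System are
#    written when the respective log is cleared.
$cleared = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 5 -ErrorAction SilentlyContinue
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -MaxEvents 5 -ErrorAction SilentlyContinue
)
$cleared | Select-Object TimeCreated, LogName, Id, Message | Format-List
```

Get-WinEvent reports "No events were found" as an error when a filter matches nothing, which is why the queries use -ErrorAction SilentlyContinue.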

Other Windows logs

If the event logs were the only Windows logs you had to monitor, life would be easy and there would perhaps not be much incentive for looking into third-party log management tools. But there are lots of other Windows logs, including setup logs, DISM logs, Windows Update logs, Windows Firewall logs, and so on. Then there are logs associated with specific features such as Active Directory transaction logs, DHCP server logs, DNS server logs, IIS logs, and so on. Then there are logs associated with other Microsoft tools and products such as Microsoft Deployment Toolkit or Microsoft SQL Server. And so on, and so forth.

Obviously a log management tool can come in handy here. One Microsoft product you can use for monitoring all sorts of logs on servers across your network is System Center Operations Manager:
http://www.wservernews.com/go/1353586377381

SCOM is much more than that of course, but we're focusing only on log management at the moment. But I encourage you to take a close look at SCOM and other System Center products if you're shopping around for a datacenter management solution:
http://www.wservernews.com/go/1353586382100

Third-party log management solutions

There are lots of third-party solutions for log management out there. Below is a short list of a few that I've either used or come across. If you have other log management products you'd like to add to this list, email me at wsn@mtit.com.

Tip of the Week

Did you know that certain Windows fonts are specifically designed for certain languages? To find out what language a particular font is designed for on Windows 7, click Start, type "fonts" and press Enter to open the Fonts item in Control Panel. Then select Details view and examine the Designed For column as shown here:

Image

Got any tips you'd like to share with over 100,000 readers of this newsletter? Email me at wsn@mtit.com

Recommended for Learning

If you want to get up to speed on Windows 8 then the following recently released titles from Microsoft Press might be of some help to you:

Windows 8 Step By Step takes you through the product one step at a time, showing you new ways to work with windows on your PC and touch-enabled devices:
http://www.wservernews.com/go/1353586410319

Windows 8 Plain & Simple shows you in full color how to navigate the new user interface, customize Windows, search for files, go online with Internet Explorer 10, buy apps at the Windows Store, play music, and more:
http://www.wservernews.com/go/1353586414428

Windows 8 for Tablets Plain & Simple is the counterpart to the previous title and focuses on working with Windows 8 on touch-enabled devices:
http://www.wservernews.com/go/1353586420162

Windows 8 Administration Pocket Consultant provides quick answers on how to deploy, configure, manage, maintain and troubleshoot Windows 8 client computers in corporate environments:
http://www.wservernews.com/go/1353586425928

Quote of the Week

"Experience taught me a few things. One is to listen to your gut, no matter how good something sounds on paper. The second is that you're generally better off sticking with what you know. And the third is that sometimes your best investments are the ones you don't make." --Donald Trump

BTW feel free to follow me on Twitter and/or friend me on Facebook

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download a free, fully functioning 30-day trial of Patch Manager from SolarWinds and get visibility into patch compliance with an extensive collection of simple, built-in reports.
http://www.wservernews.com/go/1353588954741
 

Tenable Nessus - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software:
http://www.wservernews.com/go/1353589126602

 

Events Calendar

Americas

Add your event

Contact Michael Vella at michaelv@techgenix.com to get your conference or other event listed in our Events Calendar.

 

Webcast Calendar

Register for Webcasts

 Add your Webcast

Contact Michael Vella at michaelv@techgenix.com to get your webcast listed in our Webcasts Calendar.

 

Tech Briefing

We'll start with some tips from The Scripting Guy (Ed Wilson) on how to manage events and event logs using PowerShell:

The Windows PowerShell blog also has some good background information on using PowerShell to manage events and event logs:

Announcing Microsoft prePress!

Microsoft prePress lets you order and receive the ebook version of upcoming Microsoft Press titles as they are being written:
http://www.wservernews.com/go/1353586504600

Active Directory in Hyper-V environments, Part 7

Check out this series of blog posts from Sander Berkouwer:
http://www.wservernews.com/go/1353586543023

SkyDrive: Now with Selective Sync and Shared Content!

From Paul Thurrott comes some exciting news about new SkyDrive capabilities:
http://www.wservernews.com/go/1353586551757

Download the Exchange Server 2013 Trial

Try out a full-featured, 64-bit, evaluation copy of Exchange Server 2013:
http://www.wservernews.com/go/1353586563538

Evaluate Microsoft SharePoint Server 2013

Download the SharePoint Server 2013 trial:
http://www.wservernews.com/go/1353586568726

 

Windows Server News

Recipe for vSphere shops cooking up software-defined data centers

The term “software-defined data center” (SDDC) is much more than just another name for cloud computing. Access this exclusive tip to find out what SDDC really means and how it can lead to true IT as a Service.
http://www.wservernews.com/go/1353586575445

Microsoft Virtual Machine Converter eases VM migrations

New conversion tools from Microsoft Virtual Machine Converter (MVMC) promise to ease the headaches of admins managing both vSphere and Hyper-V in the data center. Read on to learn more about the key differences between the two editions of MVMC and VMware’s converter.
http://www.wservernews.com/go/1353586579992

Re-defining the Windows Azure cloud computing message

From the beginning, Microsoft has struggled to explain Windows Azure. But why? Find out the facts about this cloud-based operating system and why Microsoft has faced a number of marketing challenges when trying to promote it.
http://www.wservernews.com/go/1353586585929

VDI benefits for enterprise desktop management come at a price

While virtual desktop infrastructure (VDI) can offer a number of advantages, are the benefits worth the cost? This resource weighs in. Find out more about the operational costs of VDI and how real businesses are benefiting from this technology, even with its high price tag.
http://www.wservernews.com/go/1353586590695

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff


In a tribute to 007, Top Gear attempts to turn a Lotus Excel into a submarine car:
http://www.wservernews.com/go/1353586595679

This truck doesn't need a bridge:
http://www.wservernews.com/go/1353586599414

Watch what happens when you 'upgrade' a tractor with a Volvo 240 Turbo engine:
http://www.wservernews.com/go/1353586608617

Beware of the 'Booster Bag'. When travelling, it is always good to keep an eye on your luggage.
http://www.wservernews.com/go/1353586613460

An inside view into the amazing blend of ancient history and modern development in the city of Guangzhou, China:
http://www.wservernews.com/go/1353586617523

 


 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.