Vol. 17, #48 - November 26, 2012 - Issue #907
This week's issue of WServerNews is about log management. Event logs and other log files on Windows servers can be a lifesaver when it comes to troubleshooting problems when they happen. But there's more, as my lame attempt at Cockney rhyming included here demonstrates:
"I'll need to take that matter up with my parent in the event log."
"You what, mate?"
"You know, event log, log, tree, org chart, manager..."
"Oh! Right. Good 'en!"
Before we begin, if you haven't yet tried out Windows Server 2012, why not download it today? Full disclosure: if you click that link, I might win a T-shirt or something, and my wardrobe could definitely use the upgrade...lol
In our issue Top Server Management Resources (Issue 902) we shared the following Tip of the Week: If you plan on deploying a bunch of servers with internal hardware RAID storage, it's better to buy all of the hard drives at the same time from a single vendor. That way all the drives will have the same firmware level, which means they will be less likely to have issues when used in RAID configurations. Plus your service and warranty management will be a lot easier.
We got lots of feedback on this, some of which we shared in our issue Storage Tiering (Issue 903). Here's some more feedback from a reader named Dave who is a Technical Support Advisor for a company in Colorado:
A couple of years ago we ordered 5 Dell workstations with mirrored RAID 1 array (Seagate drives). Within a year, we suffered 50% failure rate (five out of the ten died). In recent months I've replaced three Western Digital 2TB drives in a 7 drive RAID 5 (plus a spare) array. The drives are less than two years old. In one instance, a drive failed. The Promise RAID system integrated the spare into the array as it was supposed to, and I got an advanced replacement coming, but by the time I got it, ANOTHER drive failed, so at that point if any more had failed my array would have been TOAST. I'm thinking I need TWO OR THREE spares!
I only have six people here in my office, but we develop software, and we have a number of servers and test machines. It seems like in the last few weeks I have been replacing one or more a week. I'm worried that my co-workers think that I'm making this stuff up to pad the list of things I do in a week. Do I really have to buy an "Enterprise" class drive to have the thing last to the end of the warranty period?
My response would be that if the workstations are important to your business then yes you should spend the money and buy enterprise class hard drives, but I'd be interested in hearing what our readers think about this: email me at wsn@mtit.com
In our issue Eye on VDI (Issue 904) we talked about what VDI is and how it compares with session virtualization. We also mentioned a few VDI solutions. Dennis, a Network Administrator in California, had yet another solution to recommend:
We use a product called vSpace from NComputing with their L300 zero-client device. It is supposed to be session-based virtualization but we don’t use it that way. We have four users running their own installation of Windows 7 which runs on top of Hyper-V. The vSpace software is installed on each Windows 7 VM. The software shows a menu of possible desktops/servers on the zero-client device and the user selects his/her own virtual machine. It works pretty well. There were some issues at the beginning with video and Flash on web pages. NComputing has a new product called vSpace Server that may be closer to true VDI. We have not tried it.
For more information on NComputing, see the following:
http://www.wservernews.com/go/1353586181833
John, a Microsoft Certified SBS Specialized based in Auckland, Australia, also recommended a solution as follows:
A very good, easy-to-use, totally free, no licence required, with only a JAVA browser as a client, with free VMOTION, hypervisor is:
http://www.wservernews.com/go/1353586188505
I have used VMWare, Citrix Xen server, HyperV, VirtualBox, etc. But Proxmox-ve deserves far more credit. It is deceptively simple on the surface, with all the needed options just one click away.
PS: I make nothing out of this. I just believe a good product like this should be widely promoted.
Also in Eye on VDI (Issue 904) we asked, "Is tape backup dead? Or will it come roaring back because of exponentially rising data archiving requirements?" A reader named Erich replied:
Recently finished upgrading a government (US) research facility that required 14 petabytes of storage. We did a few BCAs and compared tape with spin down capabilities on several hard drive offerings from various vendors. The approach we took was a three-tiered storage concept that used tape only as an offsite DR backup while our data was duplicated to another site several miles away. You cannot beat the cost of tape for offline storage and as a stable backup and recovery scheme. But in this age of redundant arrays capable of spinning down drives and spinning them back up as necessary saves time and money. My two cents.
Another reader named Michael from Indiana responded with the following:
We visited the tape issue back in May (I remember because I responded to it). I have a client that has roughly 5 TB of data at present, and it is growing rapidly. We looked into online storage and found that he couldn’t afford the cost of backup to the cloud. Cost of tape to hold all this growing data was pretty steep as well. I don’t remember the numbers now, but LTO-5 is quite pricey. He currently backs up on inexpensive portable USB drives… and I know at some point something BAD is going to happen. In your opinion, what is the most efficient yet least expensive way to backup big data? I always prefer tape and store the media off-site, but the client isn’t willing to spend the bucks. Your thoughts?
My own response would be to ask your client how much he values his data. Does anyone else have any thoughts on this issue? Email me at wsn@mtit.com
In server management, log files basically have two functions: to help track usage of a server, role or feature; and to help you troubleshoot when a problem arises. The Windows event logs are of course the first place you look when you need to troubleshoot an issue or monitor the status of a role or feature.
Windows event logs
The event logs have not changed much since Windows Vista. The best overview of how they work and how to manage them is probably the following section in the TechNet Library:
http://www.wservernews.com/go/1353586219317
The built-in tool for viewing and managing event logs is Event Viewer, and most admins are familiar with the ins and outs of this MMC snap-in. But there are some other in-box tools you can use for managing event logs from the command-line or with scripts:
wevtutil - This command-line tool was introduced in Windows Vista and Windows Server 2008 and can be used for querying and managing event logs. Its syntax and some usage examples can be found here:
http://www.wservernews.com/go/1353586223942
wecutil - This command-line tool was also introduced in Windows Vista and Windows Server 2008 and can be used to create and manage subscriptions to events that are forwarded from remote computers using the WS-Management protocol. For syntax and examples see the following:
http://www.wservernews.com/go/1353586229427
Eventcreate - This command-line tool was also introduced in Windows Vista and Windows Server 2008 and lets you create a custom event in a specified event log. Here's the syntax and some examples of how to use it:
http://www.wservernews.com/go/1353586234067
Eventquery.vbs - This VBscript was first included in Windows XP and Windows Server 2003 to provide a way of querying for events from the command line. Even though this script is still present in Windows Server 2012, it has been deprecated since Windows Server 2008 and should not be used with Windows Server 2008 or later platforms.
Get-EventLog - This cmdlet was first introduced in Windows PowerShell 2.0 and can be used to get events and event logs from the local or remote computers. Syntax and examples can be found here:
http://www.wservernews.com/go/1353586271818
There are a bunch of other PowerShell cmdlets you can use for managing events and event logs as the following Get-Command output shows:
```
PS C:\> get-command *event* -Module Microsoft.PowerShell.* | sort ModuleName | ft -AutoSize

CommandType Name                 ModuleName
----------- ----                 ----------
Cmdlet      New-WinEvent         Microsoft.PowerShell.Diagnostics
Cmdlet      Get-WinEvent         Microsoft.PowerShell.Diagnostics
Cmdlet      Show-EventLog        Microsoft.PowerShell.Management
Cmdlet      Remove-EventLog      Microsoft.PowerShell.Management
Cmdlet      Register-WmiEvent    Microsoft.PowerShell.Management
Cmdlet      New-EventLog         Microsoft.PowerShell.Management
Cmdlet      Clear-EventLog       Microsoft.PowerShell.Management
Cmdlet      Limit-EventLog       Microsoft.PowerShell.Management
Cmdlet      Get-EventLog         Microsoft.PowerShell.Management
Cmdlet      Write-EventLog       Microsoft.PowerShell.Management
Cmdlet      Wait-Event           Microsoft.PowerShell.Utility
Cmdlet      Register-EngineEvent Microsoft.PowerShell.Utility
Cmdlet      Register-ObjectEvent Microsoft.PowerShell.Utility
Cmdlet      Get-EventSubscriber  Microsoft.PowerShell.Utility
Cmdlet      Remove-Event         Microsoft.PowerShell.Utility
Cmdlet      Get-Event            Microsoft.PowerShell.Utility
Cmdlet      Unregister-Event     Microsoft.PowerShell.Utility
Cmdlet      New-Event            Microsoft.PowerShell.Utility
```
See the Tech Briefing section of this issue for some additional tips from The Scripting Guy on how to manage events and event logs using PowerShell.
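As an added example (not part of the original newsletter), here is a short review script built on two of the in-box tools listed above, Get-WinEvent and wevtutil. It checks how the classic logs are sized, looks for the records Windows writes when a log is cleared (event ID 1102 in Security, 104 in System), and summarizes recent errors; the seven-day and 24-hour windows are assumptions to adjust.

```powershell
# Added example; run in an elevated session so the Security log is readable.
$since = (Get-Date).AddDays(-7)   # assumed review window

# 1. Capacity and retention settings for the classic logs. A small maximum
#    size in Circular mode means older events are overwritten sooner.
Get-WinEvent -ListLog Application, System, Security |
    Select-Object LogName, LogMode, MaximumSizeInBytes, FileSize, RecordCount, IsLogFull |
    Format-Table -AutoSize

# 2. Records written when a log is cleared (for example by Clear-EventLog or
#    "wevtutil cl"): ID 1102 in Security, ID 104 in System.
$clearFilters = @(
    @{ LogName = 'Security'; Id = 1102; StartTime = $since },
    @{ LogName = 'System';   Id = 104;  StartTime = $since }
)
$cleared = foreach ($filter in $clearFilters) {
    # Get-WinEvent reports an error when nothing matches; suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}
if ($cleared) {
    $cleared | Sort-Object TimeCreated |
        Select-Object TimeCreated, MachineName, LogName, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
} else {
    "No log-clear events recorded since $since"
}

# 3. Critical (Level 1) and Error (Level 2) events from the last 24 hours,
#    grouped by source and event ID, noisiest first.
Get-WinEvent -FilterHashtable @{
        LogName   = 'System', 'Application'
        Level     = 1, 2
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# 4. The same kind of query with wevtutil: the five newest errors in System.
wevtutil qe System "/q:*[System[(Level=1 or Level=2)]]" /c:5 /rd:true /f:text
```

A log-clear record with no matching change ticket is worth following up, since a cleared log removes the history you would otherwise use for troubleshooting.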
Other Windows logs
If the event logs were the only Windows logs you had to monitor, life would be easy and there would perhaps not be much incentive for looking into third-party log management tools. But there are lots of other Windows logs, including setup logs, DISM logs, Windows Update logs, Windows Firewall logs, and so on. Then there are logs associated with specific features such as Active Directory transaction logs, DHCP server logs, DNS server logs, IIS logs, and so on. Then there are logs associated with other Microsoft tools and products such as Microsoft Deployment Toolkit or Microsoft SQL Server. And so on, and so forth.
Obviously a log management tool can come in handy here. One Microsoft product you can use for monitoring all sorts of logs on servers across your network is System Center Operations Manager:
http://www.wservernews.com/go/1353586377381
SCOM is much more than that of course, but we're focusing only on log management at the moment. Still, I encourage you to take a close look at SCOM and other System Center products if you're shopping around for a datacenter management solution:
http://www.wservernews.com/go/1353586382100
Third-party log management solutions
There are lots of third-party solutions for log management out there. Below is a short list of a few that I've either used or come across. If you have other log management products you'd like to add to this list, email me at wsn@mtit.com.
Did you know that certain Windows fonts are specifically designed for certain languages? To find out what language a particular font is designed for on Windows 7, click Start, type "fonts" and press Enter to open the Fonts item in Control Panel. Then select Details view and examine the Designed For column as shown here:

Got any tips you'd like to share with over 100,000 readers of this newsletter? Email me at wsn@mtit.com
If you want to get up to speed on Windows 8 then the following recently released titles from Microsoft Press might be of some help to you:
Windows 8 Step By Step takes you through the product one step at a time, showing you new ways to work with windows on your PC and touch-enabled devices:
http://www.wservernews.com/go/1353586410319
Windows 8 Plain & Simple shows you in full color how to navigate the new user interface, customize Windows, search for files, go online with Internet Explorer 10, buy apps at the Windows Store, play music, and more:
http://www.wservernews.com/go/1353586414428
Windows 8 for Tablets Plain & Simple is the counterpart to the previous title and focuses on working with Windows 8 on touch-enabled devices:
http://www.wservernews.com/go/1353586420162
Windows 8 Administration Pocket Consultant provides quick answers on how to deploy, configure, manage, maintain and troubleshoot Windows 8 client computers in corporate environments:
http://www.wservernews.com/go/1353586425928
"Experience taught me a few things. One is to listen to your gut, no matter how good something sounds on paper. The second is that you're generally better off sticking with what you know. And the third is that sometimes your best investments are the ones you don't make." --Donald Trump
Until next week,
Mitch Tulloch
BTW feel free to follow me on Twitter and/or friend me on Facebook
Download a free, fully functioning 30-day trial of Patch Manager from SolarWinds and get visibility into patch compliance with an extensive collection of simple, built-in reports.
http://www.wservernews.com/go/1353588954741
Tenable Nessus - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software:
http://www.wservernews.com/go/1353589126602
Contact Michael Vella at michaelv@techgenix.com to get your conference or other event listed in our Events Calendar.
Contact Michael Vella at michaelv@techgenix.com to get your webcast listed in our Webcasts Calendar.
We'll start with some tips from The Scripting Guy (Ed Wilson) on how to manage events and event logs using PowerShell:
The Windows PowerShell blog also has some good background information on using PowerShell to manage events and event logs:
Microsoft prePress lets you order and receive the ebook version of upcoming Microsoft Press titles as they are being written:
http://www.wservernews.com/go/1353586504600
Check out this series of blog posts from Sander Berkouwer:
http://www.wservernews.com/go/1353586543023
From Paul Thurrott comes some exciting news about new SkyDrive capabilities:
http://www.wservernews.com/go/1353586551757
Try out a full-featured, 64-bit, evaluation copy of Exchange Server 2013:
http://www.wservernews.com/go/1353586563538
Download the SharePoint Server 2013 trial:
http://www.wservernews.com/go/1353586568726
The term “software-defined data center” (SDDC) is much more than just another name for cloud computing. Access this exclusive tip to find out what SDDC really means and how it can lead to true IT as a Service.
http://www.wservernews.com/go/1353586575445
New conversion tools from Microsoft Virtual Machine Converter (MVMC) promise to ease the headaches of admins managing both vSphere and Hyper-V in the data center. Read on to learn more about the key differences between the two editions of MVMC and VMware’s converter.
http://www.wservernews.com/go/1353586579992
From the beginning, Microsoft has struggled to explain Windows Azure. But why? Find out the facts about this cloud-based operating system and why Microsoft has faced a number of marketing challenges when trying to promote it.
http://www.wservernews.com/go/1353586585929
While virtual desktop infrastructure (VDI) can offer a number of advantages, are the benefits worth the cost? This resource weighs in. Find out more about the operational costs of VDI and how real businesses are benefiting from this technology, even with its high price tag.
http://www.wservernews.com/go/1353586590695
In a tribute to 007, Top Gear attempts to turn a Lotus Excel into a submarine car:
http://www.wservernews.com/go/1353586595679
This truck doesn't need a bridge:
http://www.wservernews.com/go/1353586599414
Watch what happens when you 'upgrade' a tractor with a Volvo 240 Turbo engine:
http://www.wservernews.com/go/1353586608617
Beware of the 'Booster Bag'. When travelling, it is always good to keep an eye on your luggage.
http://www.wservernews.com/go/1353586613460
An inside view into the amazing blend of ancient history and modern development in the city of Guangzhou, China:
http://www.wservernews.com/go/1353586617523
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.