The importance of monitoring Windows event logs

Ben Taylor

As a responsible and professional MSP, checking clients’ Windows event logs is sure to be something you and your team do regularly – or at least it should be!

Are you able to put your hand on your heart and say that event log checking consistently gets the attention it deserves?

If not, it really is time to become more proactive. Event logs can give you early warning of impending system issues and save you from unexpected disasters.

Just think of these examples:

  1. Disk error messages referring to “bad blocks” that warn of likely drive failures – the event logs are often the first / only place you will learn of such problems.
  2. Errors relating to RAID arrays running in a degraded state or drives beginning to rebuild.
  3. Security events that can reveal someone making a sustained effort to access a customer system.

Let’s face it; these are all events you really need to know about if you are to do your job properly.

Thankfully, monitoring event logs doesn’t have to mean remoting into numerous servers and PCs and doing regular manual checks.

Workstation monitoring software such as GFI MAX Remote Management can help keep a watchful eye on event logs and alert you to problems before they become big problems. There’s no reason why you cannot easily automate the process of checking all client event logs on an ongoing basis.

The Importance of Event IDs

When you decide how to monitor event logs, choose a solution that reports the Windows Event ID reference as well as the error message.

Event IDs are usually very well documented. Given that the first step in responding to an error is often to research it online, the event ID number is a critical piece of information.

Event IDs are also very useful when it comes to tracking down the troublesome, transient errors that litter event logs but seem to do nothing to interrupt the stable running of a PC or server. It’s usually possible to take steps to eliminate these, and arrive at a point where a red event log error is truly something to worry about. When transient errors remain in the logs, it’s easy to become blind to them and risk ignoring new critical errors.
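One way to put this into practice, as an added example that is not from the original article or from GFI: a PowerShell summary of the last 24 hours of Critical and Error events, grouped by provider and Event ID, with anything not yet in your list of researched transient errors marked as New. The helper name `Get-EventIdSummary` and the baseline entry are assumptions made for illustration.

```powershell
# Added example. Assumption: Windows PowerShell 5.1 or later on the monitored host.
# Placeholder baseline: "Provider/EventID" pairs you have already researched and
# accepted as transient. Replace with your own; this entry is not a real finding.
$KnownTransient = @('ExampleProvider/1000')

function Get-EventIdSummary {           # hypothetical helper name
    param(
        [object[]] $Events = @(),
        [string[]] $Known  = @()
    )
    $Events | Where-Object { $_ } |
        Group-Object -Property ProviderName, Id |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeCreated)
            $sample = $sorted[-1]       # most recent occurrence
            $key    = '{0}/{1}' -f $sample.ProviderName, $sample.Id
            [pscustomobject]@{
                Status    = if ($Known -contains $key) { 'Known' } else { 'New' }
                Provider  = $sample.ProviderName
                EventId   = $sample.Id
                Count     = $sorted.Count
                FirstSeen = $sorted[0].TimeCreated
                LastSeen  = $sample.TimeCreated
                # First line of the message only; the Event ID is what you research.
                Message   = ("$($sample.Message)" -split '\r?\n')[0]
            }
        } | Sort-Object Status, Count -Descending   # New first, then noisiest first
}

$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2                    # 1 = Critical, 2 = Error
    StartTime = (Get-Date).AddHours(-24)
}
# Get-WinEvent reports an error when nothing matches, so suppress it and let
# @() turn "no results" into an empty array instead of $null.
$recent = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

Get-EventIdSummary -Events $recent -Known $KnownTransient |
    Format-Table -AutoSize -Wrap
```

As entries are investigated and either fixed or added to the baseline, the New rows shrink to the errors that genuinely need attention.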

Windows event logs are a valuable tool in helping you to do your job, so should be treated with the respect they deserve. They also maintain a very detailed stream of documentation as to exactly how the systems you maintain are functioning. You really don’t want to find yourself in a position where you’ve failed to listen to what they’ve been telling you.

As always, if you have any thoughts or information to share, feel free to leave a comment below!