Windows 7 / Getting Started

Server Manager Diagnostics Page

The Diagnostics page in Server Manager consolidates three different consoles into a convenient location. The three consoles are as follows:

  • Event Viewer
  • Reliability and Performance
  • Device Manager

The next sections review the various features of the three consoles on the Diagnostics page.

Event Viewer

The Windows 2008 Event Viewer functionality has been improved over the previous version of Windows Server. The version in Windows 2008 is the version that released in Windows Vista. The event logs can contain an overwhelming volume of information, which the new Event Viewer summarizes and drills into very effectively.

Selecting the Event Viewer folder under Diagnostics shows the Overview and Summary page. The Summary of Administrative Events section on this page shows a high-level summary of the administrative events, organized by level:

  • Critical
  • Error
  • Warning
  • Information
  • Audit Success
  • Audit Failure

The view shows the total number of events in the last hour, 24 hours, 7 days, and the total. Each of these nodes can be expanded to show the counts of particular event IDs within each level. Double-clicking on the event ID count shows a detailed list of the events with the matching event ID. This is very useful for drilling on the specific events to see when they are occurring.

The Overview and Summary page also has a Log Summary section, which shows a list of all the various logs on the server. This is important, as there are now over 100 different logs in Windows 2008. In addition to the standard system, security, and application logs, there is a setup log and a forwarded events log. Then there are the numerous application and services logs, which include logs for each application, service, and a huge number of diagnostic and debugging logs. For each of the logs, the Log Summary section shows the log name, current size, maximum size, last modification, if it is enabled, and what the retention policy for the log is. This allows the administrator to quickly see the status of all the logs, which would be a daunting task otherwise.

Of course, the logs can be viewed directly by expanding the Windows Logs folder or the Applications and Services Logs folder. The Windows Logs folder contains all the standard application, security, setup, system, and forwarded events logs. The applications and services logs contain all the other ones.

Custom views can be created to filter events and combine logs into a coherent view. There is a default Administrative Events view, which combines the critical, error, and warning events from all the administrative logs. There is also a custom view created for each role that is installed on the server. New ones can be created by the administrator as needed.

Subscriptions can collect events from remote computers and store them in the forwarded events log. The events to be collected are specified in the subscription. The functionality depends on the Windows Remote Management (WinRM) and the Windows Event Collector (Wecsvc) services and they must be running on both the collecting and forwarding servers.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows Server 2008 Management and Maintenance
  2. Initial Configuration Tasks
  3. Managing Windows Server 2008 Roles and Features
  4. Server Manager
  5. Server Manager Diagnostics Page
  6. Server Manager Reliability and Performance Monitor
  7. Server Manager Configuration Page
  8. Server Manager Storage Page
  9. Auditing the Environment
  10. Auditing Resource Access
  11. Managing Windows Server 2008 Remotely
  12. Server Manager Command-Line Tool
  13. Using Common Practices for Securing and Managing Windows Server 2008
  14. Keeping Up with Service Packs and Updates
  15. Maintaining Windows Server 2008
  16. Running the Domain Controller Diagnosis Utility