My personal experience with the Windows Event logs has been frustrating, but there are tools that can turn “useless” into “useful.” The logs themselves ARE pretty useless if you the only time you look at them is when the server is down and you are desperately searching for answers. All too often, what you find then is that they are full of repetitive information–a secondary problem such as lack of disk space–and it is too late to find the event that triggered the cascade of failure.

Here are a few tips to get ahead of that…

Set limits. First of all, review the properties on each event log to make sure the logs are not allowed to grow indefinitely. You want to see something like this:

Although you can lose data this way, in a cascading event failure where you have the event logs set to “do not overwrite” you will fill up your disk with unhelpful messages anyway.

Consider a subscription to EventID.Net. This service provides windows administrators with a way to look up the often cryptic EventIDs and find a more helpful description online. As you peruse their site, you will notice a great deal of advertising and “reviews” of one of Heroix competitor’s products–but they have produced a great deal of helpful content for debugging the event logs.