Logs monitor events occurring in the system and record hardware, software, and system issues. When an instance is attacked or an issue occurs on an application, you can locate the critical problems based on logs. This improves work efficiency and instance security. This topic uses Windows Server 2012 R2 as an example to describe how to use and analyze four types of logs.
You must have registered an Alibaba Cloud account before you follow the instructions provided in the tutorial. If not, create a new Alibaba Cloud account first.
View logs in Windows Event Viewer
Perform the following steps to open Event Viewer:
- Click Start and open the Run dialog box.
- Run the
eventvwrcommand in the dialog box to open Event Viewer.
- View the following four types of logs in Event Viewer:
Note For IDs of all error logs found by using log-viewing methods described in this topic, you can find the corresponding solutions in the Microsoft Knowledge Base.
- System logs
In the left-side navigation pane, chooseto view system logs.
System logs contain events recorded by Windows system components. For example, the failure of a driver or other system components to load during startup is recorded in the system log.
The types of events recorded by system components are predetermined by Windows.
- Application logs
In the left-side navigation pane, chooseto view application logs.
Application logs contain events logged by applications. For example, a database program can record a file error in the application log.
The types of the events recorded in application logs are determined by developers.
- Security logs
In the left-side navigation pane, chooseto view security logs.
Security logs contain valid and invalid logon attempts and events related to resource use, such as creating, opening, or deleting files or other objects.
The types of the events recorded in security logs are determined by administrators. For example, if logon auditing is enabled, the security logs will record logon attempts.
- Application and service logs
An application and service log is a new type of event log. Application and service logs contain events from a single application program or component rather than events that can affect the whole system.
- System logs
Modify the log path and back up logs
By default, logs are stored on the system disk. The maximum size of logs is 20 MB. If the limit is exceeded, previous events will be overwritten. You can modify the log path as needed.
Perform the following steps to modify the log path and back up logs:
- In the left-side navigation pane of Event Viewer, click Windows Logs.
- In the right-side list, right-click a log name and choose Properties from the shortcut menu.
- In the Log Properties dialog box that appears, modify the following parameters:
- Log path
- Maximum log size (KB)
- When maximum event log size is reached: