Logs monitor events occurring in the system and record hardware, software, and system
issues. When an instance is attacked or an issue occurs on an application, you can
locate the critical problems based on logs. This improves work efficiency and instance
security. This topic uses Windows Server 2012 R2 as an example to describe how to
use and analyze four types of logs.
Prerequisites
You must have registered an Alibaba Cloud account before you follow the instructions
provided in the tutorial. If not, create a new Alibaba Cloud account first.
Background information
Windows logs can be further divided into system logs, application logs, security logs,
and application and service logs.
View logs in Windows Event Viewer
Perform the following steps to open Event Viewer:
- Click Start and open the Run dialog box.
- Run the
eventvwr
command in the dialog box to open Event Viewer.
- View the following four types of logs in Event Viewer:
Note For IDs of all error logs found by using log-viewing methods described in this topic,
you can find the corresponding solutions in the Microsoft Knowledge Base.
- System logs
In the left-side navigation pane, choose to view system logs.
System logs contain events recorded by Windows system components. For example, the
failure of a driver or other system components to load during startup is recorded
in the system log.
The types of events recorded by system components are predetermined by Windows.
- Application logs
In the left-side navigation pane, choose to view application logs.
Application logs contain events logged by applications. For example, a database program
can record a file error in the application log.
The types of the events recorded in application logs are determined by developers.
- Security logs
In the left-side navigation pane, choose to view security logs.
Security logs contain valid and invalid logon attempts and events related to resource
use, such as creating, opening, or deleting files or other objects.
The types of the events recorded in security logs are determined by administrators.
For example, if logon auditing is enabled, the security logs will record logon attempts.
- Application and service logs
An application and service log is a new type of event log. Application and service
logs contain events from a single application program or component rather than events
that can affect the whole system.
Modify the log path and back up logs
By default, logs are stored on the system disk. The maximum size of logs is 20 MB.
If the limit is exceeded, previous events will be overwritten. You can modify the
log path as needed.
Perform the following steps to modify the log path and back up logs:
- In the left-side navigation pane of Event Viewer, click Windows Logs.
- In the right-side list, right-click a log name and choose Properties from the shortcut menu.
- In the Log Properties dialog box that appears, modify the following parameters:
- Log path
- Maximum log size (KB)
- When maximum event log size is reached: