IT System Administration Good Exercises: Event Lookup!

Computer administration is all about how the system and network are running right now. What could be more important than how the zeros and ones are actually interacting in the background?

System and network administration starts and ends at the lowest level of these environments. The places we rarely look are the source of system and network information, the pieces that are crucial to administration and to proactively finding flaws. In fact, many future and potential security vulnerabilities also start showing signs at the lowest level of systems and networks.

In Windows, the main (but not the only) source of system events is the System log under Windows Logs. We can use many interfaces and tools to query this database, but the easiest way is the Windows Event Viewer user interface (eventvwr.msc or eventvwr.exe under \windows\system32).

One of the good exercises is to check this log regularly. It may sound funny, but "regularly" could mean annually, which is still better than never, which is what most system administrators choose. If you are not checking the Windows System log, then you simply do not know what is going on on the systems you administer. Even though this is only the starting point, it is crucial to look for system anomaly events and start investigating them.

This is not the time and place to go through the types of events, build the skill of event analysis, or train your eyes; it is the time and place to emphasize the importance of the System log database, where you can start finding issues and tuning your system and network before an issue turns into something bigger, or before a user calls you to say that his machine is slow and you have no clue why your nodes sometimes start acting up.

I recommend reviewing the System log at least every other week and finding red flags for further investigation and analysis. Over time you can develop simple scripts and alerts that trigger on certain repeated issues, but you always have to go through the log yourself every once in a while to keep sight of your systems.
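As an added example (not from the original post), here is the kind of simple script the paragraph above has in mind: a PowerShell pass over the System log that collects Critical, Error and Warning events from the last two weeks and groups them by source and event ID, so repeated entries stand out for follow-up in Event Viewer. The parameter names and the CSV file name are my choices; it assumes rights to read the log on the local or named machine.

```powershell
# Added example, not part of the original post: first-pass review of the
# Windows System log that surfaces repeated Critical/Error/Warning events.
param(
    [int]$Days = 14,                               # review window: every other week
    [string]$ComputerName = $env:COMPUTERNAME      # local machine by default
)

$since = (Get-Date).AddDays(-$Days)

# Level 1 = Critical, 2 = Error, 3 = Warning in the Windows event schema.
$filter = @{
    LogName   = 'System'
    Level     = 1, 2, 3
    StartTime = $since
}

try {
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
} catch {
    # Get-WinEvent throws when the filter matches nothing; treat that as an empty set.
    if ($_.Exception.Message -match 'No events were found') { $events = @() } else { throw }
}

# Group by source and event ID: pairs that repeat are the red flags worth a
# closer look, and this list is the basis for alerts later on.
$summary = $events |
    Group-Object -Property ProviderName, Id |
    ForEach-Object {
        $ordered = $_.Group | Sort-Object TimeCreated
        $first   = $ordered | Select-Object -First 1
        $last    = $ordered | Select-Object -Last 1
        [pscustomobject]@{
            Provider  = $first.ProviderName
            EventId   = $first.Id
            Level     = $first.LevelDisplayName
            Count     = $_.Count
            FirstSeen = $first.TimeCreated
            LastSeen  = $last.TimeCreated
            Sample    = ($first.Message -split "`n")[0]   # first line of the message text
        }
    } |
    Sort-Object Count -Descending

$summary | Format-Table -AutoSize

# Keep a record so trends can be compared between reviews (file name is my convention).
$csv = 'SystemLogReview-{0}-{1:yyyyMMdd}.csv' -f $ComputerName, (Get-Date)
$summary | Export-Csv -Path $csv -NoTypeInformation
```

Run it on a schedule and diff the CSVs between reviews: a source/ID pair whose count climbs from one review to the next is a candidate for a permanent alert.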

If your system administrator tells you s/he doesn't have time to do this, it is like saying I do not have time to make sure my bike is working on the weekend, so I walk to the office every day and am always late for that reason! Excuses like time and resources in this regard are like saying I am willing to work with an old-fashioned lawn mower just because I do not have time to go to the garage and plug the new, faster one into the outlet!

System logs give you a lot of information about the computers you are managing. This is not limited to the system you are investigating; you will find things that are global within the environment: specific to a piece of software, a segment of the network, a malfunctioning application, or just performance issues. The latter has generally been ignored among IT staff because they find replacing equipment faster and easier than troubleshooting, but it is funny when we replace something and the issue remains unsolved.

How many times have you found a system with performance issues caused by a hardware malfunction? A lot, right? But I assure you that you will find more performance issues related to the fact that the system is not tuned and many things are running with problems in the background.

But performance is not why I am insisting that you look up the System log. You will find security issues that have no reflection at all in the actual Security log. You will find useful correlation with other logs on the system: network issues, applications, Active Directory, and many things for which the System log is not the direct place to follow them, but which leave artifacts and footprints there.

Develop a simple process to review these logs and you will find yourself proactively mitigating issues before they turn into global system and network problems.