Using Event Logs to Troubleshoot Problems
Careful monitoring of event logs can help you predict and identify the sources of system problems. For example, if log warnings show that a disk driver can only read or write to a sector after several retries, the sector will likely go bad eventually. Logs can also confirm problems with application software: If an application crashes, an application event log can provide a record of activity leading up to the event.
The following are suggestions to help you use event logs to diagnose problems:
- Archive logs in log format. The binary data associated with an event is discarded if you archive data in text or comma-delimited format.
- If you suspect a hardware component is the origin of system problems, filter the system log to show only those events generated by the component.
- If a particular event seems related to system problems, try searching the event log to find other instances of the same event or to judge the frequency of an error.
- Note Event IDs. Each number matches a text description in a source message file, and product-support representatives can use it to understand what occurred in the system.
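
The suggestions above can be scripted in PowerShell. The following is an added example, not part of the original page; the archive folder, the `disk` provider name and the 30-day window are assumptions to adjust for the component you suspect.

```powershell
# Assumed values for illustration: archive folder, provider name, look-back window.
$ArchiveDir = 'C:\LogArchive'
$Provider   = 'disk'                      # event source of the suspected component
$Since      = (Get-Date).AddDays(-30)

# 1. Archive the System log in native event log format (.evtx).
#    Text or CSV exports drop the binary data attached to each event.
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$ArchiveFile = Join-Path $ArchiveDir ("System-{0:yyyyMMdd-HHmmss}.evtx" -f (Get-Date))
wevtutil.exe epl System $ArchiveFile
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil could not export the System log (exit code $LASTEXITCODE)."
}

# 2. Filter the archived copy to warnings and errors from that one component.
$filter = @{
    Path         = $ArchiveFile
    ProviderName = $Provider
    Level        = 2, 3                   # 2 = Error, 3 = Warning
    StartTime    = $Since
}
# Get-WinEvent reports an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No warnings or errors from '$Provider' since $Since."
    return
}

# 3. Group by Event ID to judge how often each event recurs,
#    and keep the ID alongside the first line of its message text.
$events |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        $sorted = @($_.Group | Sort-Object -Property TimeCreated)
        [pscustomobject]@{
            EventId   = $_.Name
            Count     = $_.Count
            FirstSeen = $sorted[0].TimeCreated
            LastSeen  = $sorted[-1].TimeCreated
            Message   = ($sorted[-1].Message -split "`r?`n")[0]
        }
    } |
    Format-Table -AutoSize -Wrap
```

A rising count for one Event ID between FirstSeen and LastSeen is the pattern to watch for; the archived .evtx file can be opened later in Event Viewer with its binary data intact.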