Microsoft Exchange 2000 Server Adminstrator's Companion
As you may know, Windows 2000 records many events in its own event logs. You can view the logs of both local and remote servers by using the Event Viewer utility, which you can find in the Administrative Tools folder on the Programs menu. Windows 2000 maintains three distinct logs:
- Application The application log is a record of events generated by applications. All Exchange 2000 Server services write their status information to this log. If you enable diagnostics logging for any Exchange 2000 components, that information is also recorded in the application log. This log is the most valuable one for monitoring the general health of an Exchange server. Figure 23-1 shows an entry made in the application log following a directory access error.
- Security The security log is a record of events based on the auditing settings specified in Active Directory Users and Computers.
- System The system log is a record of events that concern components of the system itself, including such events as device driver and network failures.
Figure 23-1. Reviewing an application event created by Exchange 2000 Server.
NOTE
You may also see additional event logs in Event Viewer based upon the services installed on your server. For example, a server running DNS will show a DNS Service log. Domain controllers may also show a File Replication Service log.
If you have a particular log file that you want to save, you have at your disposal three formats in which to save it. You can save it as a binary event log file with the .EVT extension, as a text file with the. TXT extension, or as a comma-delimited text file with the .CSV extension. Binary files with the .EVT extension can be read only with Event Viewer; the two text files can be read with your favorite ASCII editor/viewer.
You will encounter five types of events in the three logs, and a unique icon identifies each event type so that you can easily distinguish between the information entries and the error entries. Table 23-1 shows these icons and describes each of them. Normally, you will encounter only the first three icons in the table in relation to Exchange Server. The classification of events is controlled by the applications and system and cannot be configured by the administrators.
Table 23-1. Event types displayed in Event Viewer
| Icon | Event | Description |
|---|---|---|
| Error | A significant problem has occurred, such as an Exchange Server service that may not have started properly. | |
| Warning | An event has occurred that is not currently detrimental to the system but may indicate a possible future problem. | |
| Information | A significant event that describes a successful operation has occurred. For example, an Exchange Server service starting successfully may trigger this type of event. | |
| Audit success | An audited security access attempt—for example, a successful logon to the system—was successful. | |
| Audit failure | An audited security access attempt—for example, a failed access to an audited file or directory—was not successful. |