Windows Server 2008 introduces 4 new log management features that we've needed ever since Windows NT Server came out so long ago. In my next real training for free (tm) session I show you how to use:
- Log archival - You can now configure Windows to create a new log file whenever the current log file reaches its maximum size. Not only does this prevent holes in your audit trail; used properly, this can be the beginning of a home-grown log collection and archival scheme.
- Event forwarding - allows you to configure one server to forward events matching specific criteria to the security log of another server on the network in near real-time or on a periodic basis. Combined with the triggers described below, you have the building blocks of monitoring and alerting.
- Triggers - give you the ability to automatically execute specified tasks whenever certain events occur. Tasks can be anything from sending an email to running some other kind of script.
- Custom views - the new Event Viewer gives you the ability to create much more sophisticated event log queries than before, both in terms of criteria and in the ability to query multiple logs at the same time. Moreover, you can re-use such queries by saving them as custom views. This makes it much easier to perform log analysis.
Please register now for this technical deep dive.
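As an illustration of the multi-log queries that custom views allow, here is an added example (not material from the session) of a query that can be pasted into the XML tab of the Create Custom View dialog. The choice of events (failed logons, account lockouts and log-clear events) and the 24-hour window are assumptions made for the example.

```xml
<QueryList>
  <!-- One query spanning two logs: each Select names the log it reads. -->
  <Query Id="0" Path="Security">
    <!-- Security log: failed logons (4625) and account lockouts (4740)
         from the last 24 hours (86400000 ms). -->
    <Select Path="Security">
      *[System[(EventID=4625 or EventID=4740)
        and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
    <!-- Security log: the audit log itself was cleared (1102). -->
    <Select Path="Security">
      *[System[Provider[@Name='Microsoft-Windows-Eventlog'] and (EventID=1102)]]
    </Select>
    <!-- System log: some other event log was cleared (104). -->
    <Select Path="System">
      *[System[Provider[@Name='Microsoft-Windows-Eventlog'] and (EventID=104)]]
    </Select>
  </Query>
</QueryList>
```

Saved as a custom view, this gives a single pane that shows authentication failures next to any attempt to clear the logs that record them.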