Logging is everywhere. Few technologies or techniques are as omnipresent in the technology world as logging. You can find logging in applications and in web and application servers. Operating systems also generate logs, and so do database systems. Since logging can manifest itself in so many ways, sometimes it makes sense to focus on one logging flavor at a time. In this post, we’ll cover Windows logging.
We’ll start with some basics about logging in general, following the typical what-why-how formula. Afterward, we’ll get to the Windows-specific part. We’ll cover the fundamentals of Windows logging, how to access the Windows Event Viewer, and more.
Let’s start by covering some fundamentals of logging in general. What is logging? Why should you care about it?
If you’re familiar with logging, you can skip this section. Otherwise, keep reading and you’ll learn interesting fundamentals about logging.
When talking about fundamental concepts, I like to use a what-why-how structure.
Logging is the process of recording log entries to some form of permanent medium so you can read them later. People often talk about log files, but the number of possible logging targets is staggering. So the question then becomes, what are log entries?
You can think of log entries—or simply logs—as messages about events. An event here means something relevant happened in some piece of an IT infrastructure. Applications produce logs, but so do servers, databases, web servers, garbage collectors, operating systems, and more. An event doesn’t have to be a bad thing, though it often is. Benign events—such as a user successfully accessing their profile on a web application—might also result in the creation of a log entry.
The main justification people give for logging is that it helps them troubleshoot and fix problems. In many scenarios, logging is the only window you might have into the chaotic and unpredictable world of a production environment.
Logging can be much more than a helpful aid for troubleshooting, though. You can also use it in a proactive way to stop problems before they even happen. This is possible with log analysis, which allows you to extract valuable insights from your centralized logs you might have otherwise missed.
Think about it: logs are present in every part of your IT infrastructure. Because of this, they’re uniquely positioned to offer a glimpse into every part of your information system. By correlating data from logs across disparate sources, you gain the ability to detect trends across your entire IT infrastructure, enabling you to stop potential problems long before they become destructive.
How is logging performed in practice? The specifics obviously depend on the type of logging we’re talking about.
When it comes to application logging, for instance, the general recommendation is to avoid implementing your own logging solution. Rather, you should leverage one of the available logging libraries targeting your specific environment. For Java, for example, you should use something like Log4j2. If you live in .NET Land, on the other hand, you might try NLog or Serilog.
Regardless of log types and your current platform, another essential aspect of logging you shouldn’t overlook is logging levels. It doesn’t matter if you’re logging from Ruby on Rails, Python, or Node.js—you should apply adequate and consistent log levels to each event every time you log.
Other logging concerns for which frameworks are responsible include log formatting; managing appenders, targets, and destinations; and tagging and categorizing, to name a few.
With the what, why, and how of logging out of our way, we’re ready to concentrate on Windows logging.
Windows logging refers to logs created by the Windows operating system or applications, such as IIS or Microsoft SQL Server. Even though some applications create logs as plain text, it’s also possible to create Windows logs with a structured format using XML. If you do so, parsing and analyzing the logs becomes easier.
To search and visualize Windows logs, you can use a special application called Windows Event Viewer. Among many other features, you can use this application to do the following:
– View the available logs
– Navigate through the available logs
– Search for specific types of logs
– Export logs for analysis
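To illustrate why the structured XML format is easier to parse and analyze once logs are exported, here is an added example (not code from the original post) that reads event XML and counts failed logons per account. The sample events are constructed; the field names `TargetUserName` and `IpAddress` and event ID 4625 are those of the Windows failed-logon event, and the `paramN` keys for unnamed fields are a naming choice made for this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# XML namespace carried by every <Event> element in Windows event XML.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
E = "{" + NS["e"] + "}"

# Constructed sample (not real data) in the shape of an exported event log.
SAMPLE_XML = f"""<Events>
<Event xmlns="{NS['e']}"><System><EventID>4625</EventID>
  <TimeCreated SystemTime="2024-01-15T09:12:03Z"/><Channel>Security</Channel></System>
  <EventData><Data Name="TargetUserName">alice</Data>
  <Data Name="IpAddress">192.0.2.10</Data></EventData></Event>
<Event xmlns="{NS['e']}"><System><EventID>4625</EventID>
  <TimeCreated SystemTime="2024-01-15T09:12:09Z"/><Channel>Security</Channel></System>
  <EventData><Data Name="TargetUserName">alice</Data>
  <Data Name="IpAddress">192.0.2.10</Data></EventData></Event>
<Event xmlns="{NS['e']}"><System><EventID Qualifiers="0">1000</EventID>
  <TimeCreated SystemTime="2024-01-15T09:13:00Z"/><Channel>Application</Channel></System>
  <EventData><Data>demo.exe</Data><Data>1.0.0.0</Data></EventData></Event>
</Events>"""


def parse_events(xml_text):
    """Yield one flat dict per <Event>, tolerating unnamed <Data> fields."""
    for ev in ET.fromstring(xml_text).iter(E + "Event"):
        rec = {
            "event_id": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
            "channel": ev.findtext("e:System/e:Channel", namespaces=NS),
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        }
        # Some providers emit <Data> without a Name attribute; key those by position.
        for i, d in enumerate(ev.iterfind("e:EventData/e:Data", NS)):
            rec[d.get("Name") or f"param{i + 1}"] = d.text or ""
        yield rec


def failed_logons_by_account(events):
    """Count event ID 4625 (failed logon) per target account and source address."""
    return Counter((r.get("TargetUserName"), r.get("IpAddress"))
                   for r in events
                   if r["channel"] == "Security" and r["event_id"] == 4625)


if __name__ == "__main__":
    for key, count in failed_logons_by_account(parse_events(SAMPLE_XML)).items():
        print(key, count)
```

Exports that come from machines you do not control are untrusted input; `defusedxml.ElementTree` offers the same `fromstring` call with entity-expansion protections.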
To access Windows logs, you have to use the Windows Event Viewer. There are several ways you can access it. We’ll quickly show you how to do it in three ways, two of them via the Windows graphical user interface and one of them by using the command line.
You can open the Windows Event Viewer using the Control Panel. Click on the Start button and type “control.” Then, click on the Control Panel icon as it appears.
After the Control Panel window is opened, click on System and Security.
Afterward, click on Administrative Tools.
Finally, double-click the Event Viewer shortcut, and you’re done.
Opening the Event Viewer via the command line is even easier. Start by clicking on the Start button. Then, type “cmd” and press Enter.
Then, write “eventvwr” and press Enter.
An even easier and faster way to access the Windows Event Viewer is to directly use the Windows 10 Start menu. Click on the Start button, type “event,” and click on Event Viewer when it appears in the search results.
Logging is a crucial part of software development. It gives you a window into the behavior of not only your apps but your entire informational infrastructure. Without logging, you’d be none the wiser when things go wrong in production—and, believe me, they go wrong more often than we’d like.
Logging is not just important; it’s ubiquitous. It’s everywhere, and it comes in all shapes and sizes. Windows logging is yet another logging flavor, if you will. In today’s post, you’ve learned the basics of Windows logging. What should your next steps be?
A great next step would be continuing to pursue more education on the topic. Logging is a vast subject, and there’s always more to learn. Here are some suggestions of topics to research further:
– Logging best practices on a variety of programming languages and platforms
– Getting started with log analytics
– More about Windows logging, including searching and filtering
– Log formatting, including how to use structured logging to facilitate log parsing and analysis
Another interesting next step would be learning more about tools capable of making your life easier when it comes to logging. SolarWinds® Loggly® is one such tool. Loggly is a complete log management solution offering unified log analysis and log monitoring. It also offers advanced data analysis and reporting capabilities. Try Loggly today.
This post was written by Carlos Schults. Carlos is a .NET software developer with experience in desktop and web development, and he’s now trying his hand at mobile. He has a passion for writing clean and concise code, and he’s interested in practices capable of helping you improve app health, such as code review, automated testing, and continuous build.