Customer Reviews

Windows NT Event Logging (O'Reilly Nutshell)

5 star:		(0)
4 star:		(1)
3 star:		(2)
2 star:		(1)
1 star:		(1)

 

 

Overall, this book is a good tutorial on NT's Event Logging feature; but needs a little more system troubleshooting advice for NT administrators. O'Reilly is a name I've come to respect for good technical information; and this book is no different.

The author is technically accurate, which is many times lacking in a lot of computer books; he gives real-life examples, adds some humor with an edge (although it could use even more), and writing style and organization are above average. Good step-by-step instructions, good screen shots, excellent bibliography and source citations.

However, enough troubleshooting material that could be helpful to an NT troubleshooter was missing to prevent a 5 star rating. This book has a serious edge toward developers (about half the book) and there is not enough detail for NT system administrators that are looking to it for troubleshooting advice.

The author, Murray, starts out by saying that the Event Log is used mostly as a troubleshooting tool by NT administrators trying to fix problems, but then the book lacks advice and detail to make our lives a little easier. Don't get me wrong, it was a good book; but I think it slightly misses its core audience.

For example, I don' think the well known advice of "The earliest error in the log is usually the best indication of the problem" is even mentioned, much less, more advanced troubleshooting advice. Security auditing is covered well, but the system log is neglected.

I guess I was hoping that the book would provide me with more real-life examples of what to expect in a system log; and some examples of common error messages and what their causes were. I was hoping for a database of system events with their cryptic messages defined into english. The book contains some, just not enough.

Another feature I found disappointing was that the author mentions (and includes on CD-ROM) several great event log utilities (non-programming), but then aren't used in the book text. I think a little more value could have been added by including a chapter or two using the utilities to make me a better system administrator.

I'm glad I read the book and I'm a better NT administrator and troubleshooter because of it.

I am a consultant, of sorts--I build networks, repair networks, etc. And I thought this book would give me a more thorough understanding of Windows NT's Event Logging service. Boy was I wrong.

If you are a programmer/developer for WinNT, I'm sure this book will be a great help to you. More than 2/3 of it is taken up by ways to use the event logging API. It documents the calls and parameters involved in them, and occasionally preaches about what a "good" application should do with event logging.

If you are an administrator (that doesn't write C++ code every day), however, stay away. This, like all O'Reilly books, is well written but, like many ORA books, is inappropriately titled. The information here that is useful to administrators can also be found in the Windows help files.

This book is primarily a re-hash of the MSDN documentation on event logging as included in the platform SDK. It is useful in that it constitutes a printed version of that material, but it offers very little really new information. Some of the sidebars add interesting tidbits though. From a development perspective this book offers some valuable information and source code examples, however be warned - once you get to the deep end you are left to your own devices.
The book gives reasonably clear guidelines as to how to read event log records but very sketchy details on how to decode them. In short this book does **not** continue where the MSDN leaves off, which is a shame since the general style of the book is very accessible. The chapter on auditing and security could well have been omitted - it sits uneasily with the rest of the book's contents.
The source code CD that is included provides a number of trivial example programs and copies of commercial event log related programs that appear to all be available on the 'net, but the example programs are so trivial as to be useful only for cut and pasting of event log API calls.

I rate this book three stars because it is accessible and comprehensive. It does not merit a higher rating as it is not comprehensive enough for developers and does not appear to be sufficiently oriented towards the requirements of an administrator.

This book addresses the event logs that are created by Windows NT and Windows 2000. There are three types of event logs which can be. All are security-relevant and can provide testimony about improper system activity. The book provides good coverage of the subject.

Logs are stored in system areas of the hard disk such as \winnt\system32\config and have recognizable names such as SecEvent.evt. Unfortunately they are not easily observed with the event viewer provided with Windows NT or 2000. Third party software is helpful to make sense out of the event logs. In complex networks with many event logs to monitor it becomes essential. The CD-ROM provided with this book includes a great collection of event viewers.

For the reader that would like to hack some code together for event viewing the book provides Visual Basic and other language support for this purpose.

Despite the great support that this book gives for native event log examination it misses an important point by not providing the capability to look at event logs that are not live. This is a clear need for event reconstruction and forensic applications.

O'Reilly books have an animal theme. This one features a line drawing of a beaver on the cover. What an appropriate choice - beavers do logging too.

This is not a book for you if you are a Visual C++ developer, and looking for material which will help you do better event logging. The event logging API is same as in MSDN or VC help. Didn't give me anymore insight than the help files provided by VC.