Event logs are important tools for managing just about every facet of Windows operation, including storage. The
appropriate logs allow you to track nearly all aspects of disk performance, examine the details of disk operations over time and spot potential trouble spots.
But to do all that you've got to be able to extract the useful information from the flood of data that the logs record. Even after you carefully pare down the amount of information you choose to record in the log, 10MB or more of recorded events can be produced every day. The biggest problem with logs is finding the needles of relevant information in the haystack of data.
Many tools, such as Microsoft Operations Manager (MOM), can help you make sense of your log files. But MOM is a commercial product that must be purchased from Microsoft on a per-system basis.
A cheaper alternative is LogParser, a free command line utility from Microsoft that uses SQLServer to dig relevant information out of log files and present it as anything from a report to a chart. Although LogParser is a general tool that can handle any text-based file, it can make sense of logs of all sorts.
LogParser essentially converts text log files into a SQLServer database, then uses SQLServer's tools to apply SQL statements to that database to present the information in a variety of formats. While some administrators may consider using SQL statements from the command line an exercise in medium-level geekspeak, LogParser presents the results in clear, easy-to-understand formats that even non-administrators can easily understand.
LogParser is one of the better-kept secrets in the Windows world. Although it is a very powerful and useful tool in a variety of Windows administration, management and troubleshooting contexts, including storage, for some reason it is relatively little used.
You can download LogParser for free from Microsoft.
About the author: Rick Cook specializes in writing about issues related to storage and storage management.
More information on this topic: