Last week, I had an interesting discussion with my Sys Admin that left me boiling a bit. I ended up needing to find an article I thought I’d bookmarked a long time ago to prove a point to him, and ended up having to search to find it. This is another “gem” you’ll want to keep handy — if you’re a Sys Admin, this is a must to read and understand, and if you’re not a Sys Admin, it really helps cut through BS at those times when you feel that things just shouldn’t be working the way they are.
Our Sys Admin is the nicest guy in the world, but to say that he’s disciplined would be to do a great disservice to the term. In fact, he’s a “squeaky wheel” guy, addressing issues just as they’re starting to get really annoying, so my conversation with him shouldn’t have surprised me. Nevertheless, I was surprised to learn that we had not, to date, been monitoring the event logs on our Windows servers. At all.
After I turned three shades of purple, I tried to express my amazement that you can’t get software to monitor event logs free in a box of breakfast cereal. What I really wanted to have handy, though, was an article I’d read years before explaining very simply what a good Sys Admin should do daily, weekly, monthly, and so on. I just knew that monitoring event logs was in there.
I ended up spending a few minutes trying to dig this up, but I finally found it again: NT system administrator’s checklists
Think you know what I’m talking about? Read on to find out what I think, and be sure to register and post your comments if you think I’m out to lunch!
I’ve always been a fan of Vince Lombardi’s “This is a football” message — you can’t be successful at the hard stuff if you don’t get the basics.
Windows is magnificently complicated. That it appears simple sometimes to some people is a mark of its success. It’s a miracle that some of the people who use Windows are able to do so — you’ve met these people, too, and you know what I’m talking about.
One of the side effects of Windows shielding us from this complexity, though, is that we often have to deal with black boxes when debugging problems. There’s an awful lot of the Windows iceberg that we never have to look at, and can’t — even when we want to see it.
In this spirit, I’ve got to cast my vote for Sysinternals tools as the best ever. Never mind that they’re free. They also just happen to be the best tools I’ve ever seen to get to the bottom of what’s really happening under all the fluff we call Windows.
Armed with these tools, you no longer have any excuse to not know what files are being touched by which processes, which processes are writing to the hard disk, and so on. As with any tool like this, you can easily lose yourself in the details, so you have to have enough grey matter to interpret what you’re seeing.
The right tools mean never having to say, “I don’t know…”