Chapter 15. Logs, jobs, and performance
This chapter covers
- Discovering event log sources
- Backing up event logs
- Managing simple scheduled jobs
- Investigating performance counters, system assessment reports, and stability indices
Things go wrong even in the best-run IT operations. When they do, you need to be able to investigate and troubleshoot the problem. One of the first places to look is the event logs. These logs record information (events) from a number of sources across the system. WMI can be used to access and manage the logs, but in many cases the PowerShell event log cmdlets are easier to use. We’ll look at how you can use PowerShell and WMI to discover some information that the cmdlets don’t return and how to back up the logs.
The ability to schedule jobs, which are also known as scheduled tasks, to run at a specified time has been available in Windows for a long time. But a change to the scheduled jobs infrastructure was introduced with Windows Vista. As you’ll discover, you can still create, access, and manage the older, simpler job types through WMI and PowerShell.
If there is one certainty in IT, it’s that users will complain about the performance of their systems. It doesn’t matter what you do, they’ll claim its running slower! We’ll look at how you can view performance information on remote systems using WMI classes.