The Event Viewer tool in Windows and Windows Server first appeared in 1993. So, Microsoft has decided that it’s time for an update. And as might be expected, rather than update the built-in Windows management console snap-in, Microsoft has opted to bring the new Events tool to Windows Admin Center (WAC). And it is now available in preview in WAC version 2103.
While larger organizations aggregate events from multiple servers using security information and event management (SIEM) tools like Splunk and Azure Sentinel, the humble Windows Event Viewer is still the go-to tool for small businesses and individuals needing to troubleshoot problems and investigate security incidents on Windows. Microsoft says that the new Events tool is still in active development and it is missing crucial features at this stage. But nevertheless, it will be interesting to look at how the tool is developing, especially for organizations that don’t have access to a SIEM product.
Unfortunately, in this release, Microsoft seems to have broken the old Events tool in WAC and the preview tool doesn’t work either. At least on a couple of devices I tried it on. And I know I’m not the only one facing this problem. When trying to open the Events tool, I get “Unable to get property ‘response’ of undefined or null reference”. Way to go Microsoft. But before I get on to what the new Events tool can do, let me say how unreliable I’ve found WAC to be in general. So, I just avoid it where possible. And that’s a real shame because the old tools, while by and large reliable, aren’t being actively developed.
Like the Performance Monitor tool, the new Events tool lets you create workspaces where you can customize the experience, so you see the events and severity levels you are interested in for a specific task. And see the data over a period of time as a list or in the new ‘stacked bar’ format (see the image below). You can choose the events you want to add to a workspace using a simple set of filters that allow you to choose the log, level, and event ID. Then all that’s left to do is choose how to display the events.
The new Events tool also lets you see multiple events simultaneously. Once you’ve created your workspace, you can continue to fine-tune what’s displayed by changing or adding to the criteria that you previously selected.
As I wrote a couple of weeks ago, Windows Admin Center is now available in preview in the Azure Portal. WAC in the Azure Portal lets administrators manage Windows Server VM guests at a more granular level. For instance, you could manage server files, certificates, and view events. WAC gives you better oversight of Windows Server VMs right from the Azure Portal.
For more information check out How to Use Windows Admin Center in the Azure Portal on Petri.
WAC 2103 now supports automatic in-app updates in preview, so you can choose to have your WAC instances automatically updated by Windows Update. This release also gets automatic extension updates. And for the first time there’s support for accessing Azure services, extension updates, and internet communications through a custom proxy gateway.
In addition to the new Events tool, Microsoft has brought updates to the Virtual Machine tool, including the ability to access integration services settings and the ability to edit virtual machine switches during a virtual machine migration. The Azure hybrid center gets an improved UI and there are improvements to cluster deployment.
For more information on this update and a download link, see Microsoft’s website here.