Careful monitoring of event logs can help you to predict and identify the sources of system problems. Logs also can confirm problems with Windows NT application software. If a Windows NT application crashes, an application event log can provide a record of activity leading up to the event.
The following are guidelines for using event logs to diagnose problems:
Determine how frequently an error occurs. If a particular event seems related to system problems, search the event log to find other instances of the same event or to judge the frequency of an error.
Note Event IDs. These numbers match a text description in a source message file. Product-support representatives can use this number to understand what occurred in the system.
You enable auditing from the Windows NT User Manager for Domains Auditing Policy dialog box. Through auditing, you can track SunLink Server security events. You can specify that an audit entry is to be written to the security event log whenever certain actions are performed or files are accessed.
An audit entry shows the activity that occurred, the user who performed the action, and the date and time of the activity. You can audit both successful and failed attempts. The audit trail can show who actually performed actions on the network and who tried to perform actions that are not permitted.
Events are not audited by default. If you have Administrator permission, you can specify which types of system events are audited through the Windows NT User Manager for Domains tool.
The Audit policy determines the amount and type of security logging that SunLink Server software performs. For file and object access, you can specify which files and printers to monitor, which types of file and object access to monitor, and for which users or groups. For example, when File and Object Access auditing is enabled, you can use the Security tab in a file or folder's Properties dialog box (accessed through Explorer) to specify which files are audited and what type of file access is audited for those files.
Using SunLink Server Manager, log on to, and then open, the SunLink Server system whose event logs you want to view.
For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.
Double-click Events.
The following screen appears.
Double-click the name of the log that you want to view.
Double-click any line in the log to see more details about the particular event.
For background information about interpreting events, see "Interpreting an Event".
You can use the SunLink Server elfread command to read system, security and application logs. This command is especially useful when troubleshooting a SunLink Server system that has failed to start. (Events of this type typically are written to the system log.) Use the elfread command as a backup to the SunLink Server Manager, which is the recommended method of viewing log files when the server is running.
elfread [-od] logname
Replace logname with one of the following log types: system, security, or application.
To display the log file contents listing the oldest event first, use the -o option. To display detailed information about events, use the -d option.
If no options are specified, a summary of all events in the specified log is displayed in reverse chronological order.
Using SunLink Server Manager, log on to, and then open, the SunLink Server system whose information you want to view.
For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.
Double-click Information.
The following screen appears.
The data displayed in the Information view is current, though not automatically updated. To update the view with the most recent data, click Refresh in the View menu, or click Information again in the Navigation pane.
The following information is provided:
Solaris user name of the current SunLink Server Manager session
Solaris server name
Solaris hardware type
Solaris version
SunLink Server system name
SunLink Server system's domain name
SunLink Server system's role (if BDC, then the name of the PDC is also provided)
SunLink Server software version number
State of the server (stopped or running)
State of the Schedule Database wizard (scheduled or not scheduled)
In addition to furnishing you with vital information, the Information window includes three buttons from which you can initiate various administrative tasks:
Properties - By clicking this button, you can initiate changes to the configuration of the SunLink Server system, including its server name, domain name, and domain role. See the section, "About Domain Configuration and Management", along with the instructions that are included in that section.
State - Depending on whether the SunLink Server program is running or stopped, this button enables you to stop or start the program. See the section, "About Starting and Stopping Services", along with the instructions that are included in that section.
Schedule - Clicking this button enables you to schedule (or edit) database maintenance tasks to be performed automatically by the SunLink Server program. See the section, "Database Maintenance Tasks", along with the instructions that are included in that section.