Event Viewer

Your Windows server comes with a great little tool called Event Viewer.

Windows keeps track of what it is doing as soon as you start it up, and continuously saves log files that can provide you with information when something goes wrong, and even when everything is fine. The Event Viewer gives you an easy way to look at those logs. Microsoft refers to things like app installations, security management operations, and system setup operations as “events.” Event Viewer is a built-in Windows application that lets you check the events that take place on your computer, by giving you access to logs about program, security, and system events. With the information found in the Event Viewer, you can troubleshoot your Windows computer and see whether there are any hardware or software problems.

There are five primary types of events recorded by Event Viewer in Windows:

  • Application: shows events related to software installed on your computer
  • Security: contains events related to the security of your computer
  • Setup: refers to domain control events, which is something home users do not use, but enterprises do
  • System: shows events related to Windows system files
  • Forwarded Events: events from other computers in your network that were forwarded to your computer

Each event in each category of events can have one of these levels:

  • Error: This means there might have been data loss or a program is not working correctly, or a device driver failed to load.
  • Warning: This is less severe than an Error message. You might get a Warning message if you are running out of space on a drive, for example. A Warning message gives you an alert about a particular event, but it does not necessarily mean that something terrible has happened.
  • Information: This shows you details about things happening on your computer. Most of the log entries are classified as Information, which means that Windows or the applications are doing what they are supposed to be doing, or, if there was an error of some kind, it did not cause any problems.

How to start the Event Viewer

  1. The quickest way to start the Event Viewer is by searching for it. Type event viewer into the search box from your taskbar.
  2. Then, click or tap on the Event Viewer search result.
  3. Once you launch it, it may take a few seconds for the Event Viewer to appear, since it needs to be initialized before you use it for the first time.
  4. Expand the menu item called Windows Logs in the left panel, to see the Application, Security, Setup, System, and Forwarded Events logs.
  5. Then, click on one of the event categories in the left pane. For this example, let's click on Application. In the center of the Event Viewer window, you should now see many messages.
  6. You can click or tap on any individual entry (single-click) to see an explanation displayed in the lower panel. You can also see the event shown in the right panel. For this example, I clicked the error, and the information about the error can be seen below.
  7. This is extremely helpful if, for example, your computer is throwing a Blue Screen or randomly restarting: Event Viewer may provide more information about the cause. For example, an error event in the System log section may tell you which hardware driver crashed, which can help you pin down a buggy driver or a faulty hardware component. Just look for the error message associated with the time your computer froze or restarted; an error message about a computer freeze will be marked as Critical.
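
The same lookup can be done from PowerShell with the built-in Get-WinEvent cmdlet, which is handy when there are too many entries to scroll through. The script below is an added example, not part of the original article; the function name Get-SystemErrorsNear, its parameters, and the sample time are assumptions chosen for illustration.

```powershell
# Added example: list Critical and Error events from the System log
# around the time a freeze or unexpected restart was observed.
# Get-SystemErrorsNear and its parameters are hypothetical names chosen here.
function Get-SystemErrorsNear {
    param(
        [Parameter(Mandatory)] [datetime] $When,   # approximate time of the crash
        [int] $WindowMinutes = 10,                 # minutes to search on each side
        [string] $LogName = 'System'
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2                           # 1 = Critical, 2 = Error
        StartTime = $When.AddMinutes(-$WindowMinutes)
        EndTime   = $When.AddMinutes($WindowMinutes)
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error instead of returning nothing when no event matches.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Warning "No Critical or Error events in $LogName within $WindowMinutes minutes of $When."
            return
        }
        throw   # anything else, such as access denied or an unknown log name
    }

    $events | Sort-Object TimeCreated | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Level   = $_.LevelDisplayName
            Source  = $_.ProviderName
            EventId = $_.Id
            # Keep only the first line of the message so the table stays readable.
            Summary = if ($_.Message) { ($_.Message -split "`r?`n")[0] } else { '(no message text)' }
        }
    }
}

# Constructed sample time; replace it with when your computer froze or restarted.
Get-SystemErrorsNear -When '2024-01-15 14:30' -WindowMinutes 15 | Format-Table -AutoSize -Wrap
```

Passing -LogName Application searches the Application log instead; reading the Security log requires an elevated PowerShell session.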
