Windows has a habit of logging information whenever it faces some kind of issue. Each logged record is called an event.
Events are logged in case of a system crash, a security issue, a malfunctioning application, etc. You can view the details of such events through the Event Viewer.
Event Viewer is actually an overload of information. Lots of things start happening in the background the moment you start your computer.
A user will go nuts if Windows starts throwing alerts for all kinds of trivial things. Instead, Windows logs such information, which you can see through the Event Viewer anytime.
How to Launch It
Control Panel Way
- Open the “Administrative Tools” applet from the traditional Control Panel.
- Launch “Event Viewer” from the list of administrative tools.
- Alternatively, open the Run window or the Search Charm. Select the Settings tab in case of the Search Charm.
- Type in the command “eventvwr.msc”, and hit Enter.
The first screen shows the aggregate view of all the event logs. You can see the details of the logs using the leftmost tree pane.
The Event Viewer is visually divided into 3 panes.
- The leftmost tree pane lists everything that the event viewer has to offer, in a tree structure.
- The middle pane describes the selected item in the tree pane.
- The rightmost Actions pane acts as a context menu, listing all the options related to the currently selected item.
As shown in the figure, the tree pane divides the events into several log categories. Selecting a log type shows the list of the related events in the top section of the description pane.
The bottom section of the description pane shows the details of a selected event.
Through the Actions pane, you can choose what to do with the selected items (a log type and an event), like creating a custom view for the selected log type, clearing the events stored under the log type, saving events to a file, viewing the properties of the selected event, etc.
Windows and applications tend to log a lot of events, which can be categorized into 5 types.
- Information – This type of event is something accomplished by Windows or an application, like starting or ending an operation, etc. As the name implies, these events are there just to provide useful information.
- Warning – This type says that the event hasn’t caused any harm as of now, but may do so in the future; so you might want to take care of it.
- Error – When the program that created the event loses some data or functionality that it is not supposed to lose, it logs that information as an error event. This type is the most useful while debugging a system issue.
- Success Audit – Windows performs an audit on some system activities. For example, it checks if a logon was successful. If an activity was completed successfully, then an event is logged as Success Audit.
- Failure Audit – If an activity audit fails, then an event is logged as Failure Audit.
The tree pane classifies the events into several categories. Let’s go through some of them.
The Windows Logs category contains events related to Windows components. It is further divided into the following sub-categories.
- Application – This log stores events caused by applications and services. Naturally, the list is extensive. Three types of events are stored in this log – Information, Warning and Error.
- Security – This log stores the events of the audits that are performed by Windows; audits like checking if the log on or log off operation completed successfully, if system time was changed, if Windows started or shut down properly, etc. The result of an audit is stored as success or failure.
- Setup – The events related to installation or uninstallation, software updates, Windows updates, etc., go here.
- System – Events generated by Windows itself and the device drivers. They are classified as information, warning or error.
- Forwarded Events – If some other computer on the network logs events on your system, then they are listed here.
Applications and Services Logs
The hardware components and several applications have their own dedicated event log. These logs are stored under this category. Some of them are –
- Hardware Events – Any hardware interruption, failure, etc., are logged here.
- Internet Explorer – You can find events related to the built-in browser Internet Explorer here.
- Key Management Services – Certain important services log their events here.
- Microsoft – This is really a folder holding logs for Microsoft software. Mostly, you will find the Windows logs under it, further branching out into several logs.
- Microsoft Office Alerts – Any events generated by Microsoft Office suite – Word, PowerPoint, Excel, OneNote, etc., – go here.
- Windows PowerShell – The latest and really very powerful command-line utility of Windows stores its events in this log.
A normal user won’t be able to see all the logs, though. You need administrator access for that.
The logs provided by Event Viewer are so extensive that you would be pulling your hair out while trying to find some specific event.
To mitigate that, Event Viewer lets you create custom views, which will list events based on various filter criteria. The folder “Custom Views” in the tree pane holds the custom filters.
To create a custom view, click on “Create Custom View…” in the Actions pane. A small window will open, which lets you set the criteria of the new custom view.
Here, you can select what type of events you want the custom view to show. Also, you can select the event logs from where the custom view will fetch the events.
There are several other criteria to refine the logs. After you set the criteria, you are prompted to enter the name, description and location of the new view.
This completes the formation of the new view. Now, you can browse through the filtered events at ease.
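The same kind of filter a custom view applies (event types, source logs, time range) can also be run from PowerShell with Get-WinEvent. This is an added example, not part of the original article; the function name Get-FilteredEvents and the 24-hour window are assumptions chosen for illustration.

```powershell
# Added example: reproduce a custom-view style filter from the command line.
# Run from an elevated prompt; reading the Security log needs administrator access.

function Get-FilteredEvents {   # hypothetical helper name
    param(
        [string[]] $LogName = @('Application', 'System'),
        # Level values in the event log: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
        [int[]]    $Level   = @(2, 3),
        [int]      $Hours   = 24
    )
    $filter = @{
        LogName   = $LogName
        Level     = $Level
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches, so suppress it
    # and let the function return an empty result instead.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

# Errors and warnings from the last day, summarised per log, source and event ID.
Get-FilteredEvents |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name

# In the Security log, Success Audit and Failure Audit are recorded as
# keywords on the event rather than as a level, so filter on Keywords.
$auditFailure = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure
Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Keywords  = $auditFailure
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
    Select-Object -First 20 TimeCreated, Id, ProviderName, Message
```

A burst of Failure Audit entries in the second query is the kind of pattern worth a closer look, since it can indicate repeated failed logon attempts.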