How to Use Windows Event Viewer

Edited 5 months ago by ExtremeHow Editorial Team

WindowsEvent ViewerLogsTroubleshootingOperating SystemMicrosoftPCLaptopMonitoringSystem Tools

Windows Event Viewer is a built-in feature in Microsoft Windows that allows users to view the event logs on their computer. It is a very useful tool for finding and understanding various events that occur in your computer, such as errors, warnings, informational messages, and more. Event Viewer collects data from many sources - such as application programs, system processes, and even security-related events - and allows you to see if there are any problems you should know about or if everything is running smoothly.

Accessing the Windows Event Viewer

To start using the Windows Event Viewer, you first need to know how to access it. Here is a simple step-by-step guide:

For Windows 10 and 11:

1. Press the Windows key on your keyboard.
2. Type Event Viewer in the search bar.
3. Open the Event Viewer app by clicking on it from the list of results.

For Windows 7:

1. Click on the Start menu.
2. Type Event Viewer in the search box.
3. When Event Viewer appears in the search results, select it.

Once you access Event Viewer, you'll see a two-panel application. On the left, you have a list of categories, while on the right are the actions you can take, such as creating a custom view or connecting to another computer.

Navigating the Windows Event Viewer

Event Viewer is divided into several parts. Here are descriptions of the most important parts:

Windows logs

This is one of the most important sections you will use. It is further divided into five logs:

• Application: Logs related to application events. These are messages that the application sends about its own states, such as starting, stopping, or encountering errors.
• Security: Logs related to security-related activities. This includes login attempts, whether successful or unsuccessful, and any changes made to security settings.
• Setup: Logs that relate to the installation of software on a computer.
• System: Logs from Windows system components. This may include events related to system startup and shutdown, or events that indicate hardware or software problems.
• Forwarded events: Logs that are forwarded from other computers. This is often used in a network environment.

Custom views

Custom views allow you to create your own filters so you can focus only on the logs that are important to you. This can be especially useful when you are trying to troubleshoot a specific issue.

Application and service logs

These logs are used mostly by applications and can contain very specific information about the application's performance and behavior.

Understanding event details

There are different levels of severity of events in Event Viewer. Understanding these is important to understand the health of your system.

• Information: This level is used for incidents that are purely informational and do not usually require intervention.
• Warning: These incidents highlight issues that may not be immediate problems but could become problems if not addressed.
• Error: This level indicates a serious problem that signals that something has gone wrong. Errors require your attention as soon as possible.
• Critical: These are very serious events that, if not addressed immediately, could lead to total system failure or other serious problems.

Once you open a specific log, you'll see the actual list of events in the middle pane. To see specific details about an event, double-click on it. This will open a new window showing all the details about that event, including when it occurred, what Event ID it has, and any associated description text.

Creating custom views

Custom views are an incredibly powerful aspect of Event Viewer. They allow you to filter through tons of event data to focus on the events that are most relevant to your needs. Here's how to create a custom view:

1. In Event Viewer, click Create Custom View on the right sidebar.
2. Next, choose the criteria for your custom view. You can select from different log levels such as Information, Warning, Error, and Critical.
3. Select the log or logs you are interested in, such as application, system, or even specific events based on their event IDs.
4. You can also filter by date and user, among other criteria.
5. Once you've met the conditions, click OK, and you'll be asked to give your new custom view a name.
6. Press OK once again, and your custom view will appear in the Custom Views section.

Event ID and source

Each event in Windows Event Viewer comes with a unique event ID. These IDs are numeric codes that provide information about the type of event recorded. Event IDs are important when it comes to finding solutions, as many IT forums and technical support resources categorize troubleshooting steps based on these codes.

Example: Event ID 6008

If you get Event ID 6008, it is a sign of an unexpected shutdown. It can indicate possible power problems or serious system faults that caused your computer to shut down unexpectedly.

Exporting and saving logs

Sometimes, you may need to save your logs to share them with the technical support team or keep them for future analysis. Here's how you can export the logs:

1. Navigate to the log or custom view you want in Event Viewer.
2. Click Action in the menu, and then select Save All Events As....
3. Choose the file type and location to save your log, then click Save.
4. The log file can be saved in multiple formats such as .evtx, .xml, or .txt depending on your needs.

Using Event Viewer to troubleshoot

Event Viewer is an indispensable tool for troubleshooting a wide variety of problems. Whether you're dealing with an application that suddenly shuts down or trying to diagnose what happened during a system crash, Event Viewer provides the data you need to get to the root of the problem.

Example: Network connectivity issues

Suppose you're having trouble accessing the Internet. Open Event Viewer and look under Windows Logs > System. Look for any warnings or errors related to network connectivity, which may give you a hint about what's hindering Internet access.

Automating tasks with Event Viewer

Event Viewer also allows you to add tasks to events. This means that when a certain type of event is logged, a specified action can run automatically, such as sending you an email or running a specific program. Here's how you can automate a task:

1. Select the event you want to automate.
2. Right-click the event and select Attach task to this event.
3. Follow the steps in the task wizard to set what you want to happen when the event is logged.

Security and logs

Another notable support of Event Viewer is in the area of security administration. By monitoring security logs, you can audit any attempts to breach system security, track changes in user permissions, and verify that important files are being accessed properly. To perform small audits efficiently, Event Viewer is indispensable.

Conclusion

Windows Event Viewer is a powerful tool that can help you monitor and troubleshoot events on your system. From understanding what each log category means to creating custom views and automating tasks, Event Viewer offers in-depth utility features. While its full potential is vast and varied, even casual users can take advantage of Event Viewer's core functionalities to manage and diagnose common system and application problems.

  Share This Article

If you find anything wrong with the article content, you can request an update