Learning the Basics of the Event Viewer Tool

Most power users are aware of the free utilities and tools that are included with every Windows operating system. These utilities can spare novice users from spending too much on third-party software for maintenance, protection and monitoring, but novice users won’t know about them unless someone explains what each utility is used for. One valuable tool for monitoring almost everything that happens on your machine is the “Event Viewer”. As its name suggests, the tool gives detailed logs of each activity, error, installation or problem experienced by your Windows operating system. It also gives you a clearer picture of what really happened and displays the date and other relevant details of each event. With this information, you can act right away after finding out that a certain error has occurred. It acts like an early warning system, forewarning you of things that could lead to serious problems if not addressed soon.

In this tutorial, we will look at the basic things that the Event Viewer tool records and displays, and learn what each log category contains. But before delving into the details, let us first take note of some basic terms.

  • Events- Everything that occurs in your system, such as software installations, Windows Updates, error messages, the failure of a certain component and other things that happen every now and then. The Event Viewer keeps a log of these and makes it available to you anytime.
  • Snap-Ins- Also known as Microsoft Management Console Snap-Ins, these are tools and utilities such as Local Users and Groups as well as the Event Viewer. It is not yet clear to me why Windows calls these utilities “Snap-Ins”, but terms like these are expected on any operating system because developers and programmers have their own language, which can sound irrelevant to common users.

Opening the Event Viewer Window

You can access the Event Viewer tool in several ways, but I will only show two in this tutorial: one that is commonly used by novice users and another that is used by more advanced ones, so we can save space and spare you from the reading as well.

1. Control Panel Method (Often Used By Novice Users)

  • First, you need to click on the “Start” button and once the Start Menu appears, click on “Control Panel”.

  • When the main “Control Panel” Window opens, click on the link labeled “System and Security” to open the System and Security section.

  • On the “System and Security” Window, look for a link labeled “Administrative Tools” located at the bottom part, then click on it to open a list of tools which includes “Event Viewer”. Once you locate the “Event Viewer” shortcut, click on it to open the tool’s main Window.

  • The “Event Viewer” Window should look like the screenshot below.

2. Using the Start Menu Search Box (Used by Power Users)

  • This method is simple and easy. First, click on the “Start” button, which others also call the “Windows Orb”, on the bottom-left corner of your screen, and then type “event viewer” in the Start Menu search box.

  • After you type “event viewer”, the search results should appear above the search box, grouped under categories. To open the “Event Viewer” tool, just click on the “Event Viewer” shortcut link under the “Programs” category or the “View event logs” link under the “Control Panel” search results category.

How to View Available Logs

After the Event Viewer Window opens, you need to pay attention to two panels (one on the left and another on the right side), but first we’ll focus on the left-side panel because it is where the log categories are located. To reveal the list of event categories, just click on the “Windows Logs” folder to expand it and you will see five of them: “Application”, “Security”, “Setup”, “System” and “Forwarded Events”. We will skip the “Forwarded Events” category this time because it is only used by advanced users dealing with networks or serving as network administrators. This log category is also often used by other professionals and is never given attention by ordinary users.

It is also important to note that some of the logs will be hidden if you are only logged in as a guest user. The Security log, for instance, cannot be accessed by users without administrative privileges and other related rights. To access it while logged in on a guest account, you need to right-click on it and select the “Run as administrator” option.

What Each Log Contains

As mentioned earlier, the logs displayed on Event Viewer are grouped into categories to make it easier for users to locate a specific log or event. Each category is explained further below except for the “Forwarded Events”.

1. Application

First on the list is the Application events category, which displays all activities generated by the programs, applications and processes on your machine. When you see the description “Information”, you don’t need to worry about it because it is the normal content of this log, but other descriptions such as “Warning” and “Error” are more serious ones which commonly indicate problems and troubles suffered by your system every now and then. Looking at the other details for a specific event will also give you the date and time of the occurrence.

2. Security

The descriptions “Audit Success” and “Audit Fail” are the common ones that you’ll see in this event log category. This is where events like changing, deleting or adding/modifying files, logging on as well as logging off, and any attempt to access a system resource are recorded. System integrity is also monitored in this section and, most of the time, you will need to scroll sideways or resize the column margins to widen them and display more details.

3. Setup

Events that are related to software installation and updates are recorded in this section. You’ll also notice that Windows updates create multiple entries in this section, but this is normal. Event IDs are also available so you can sort and narrow down events and easily find the one that you’re looking for.

4. System

Lastly, the System category keeps logs of all actions and tasks done by your operating system and other programs that are installed on your machine. You can also see in this section whether a hardware component or a device driver has malfunctioned. For instance, if your laptop’s DVD-ROM drive malfunctions, you will see a Warning message in this event log indicating the problem. It is easy to locate such events because of the yellow triangle icon with an exclamation point (!) inside, located at the left of the word “Warning”, as shown on the screenshot below.

As you can see, the Event Viewer provides a wealth of information that would otherwise be unknowable if the tool were not available. There are entries and events which may sound weird, but the way to identify what one points to is by researching its description over the Internet.
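
The four log categories described under “What Each Log Contains” can also be read from PowerShell with the built-in Get-WinEvent cmdlet. The script below is an added example, not part of the original tutorial; the 24-hour look-back window and the helper name Get-LogSummary are assumptions, and the Security row reports “Not readable” unless the session is run as administrator.

```powershell
# Added example: count events per severity in the four Windows Logs covered above.
$logs  = 'Application', 'Security', 'Setup', 'System'
$since = (Get-Date).AddHours(-24)        # assumed look-back window

function Get-LogSummary {                # hypothetical helper name
    param([string]$LogName, [datetime]$Since)

    # Standard keyword bit that marks a Security log entry as an audit failure
    $auditFailure = 0x10000000000000

    try {
        $events = @(Get-WinEvent -FilterHashtable @{
            LogName   = $LogName
            StartTime = $Since
        } -ErrorAction Stop)
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $events = @()                # log is readable, just no entries in the window
        }
        else {
            # Typically the Security log read from a non-elevated session
            return [pscustomobject]@{
                Log = $LogName; Status = "Not readable: $($_.Exception.Message)"
                Error = $null; Warning = $null; Information = $null; AuditFailure = $null
            }
        }
    }

    [pscustomobject]@{
        Log          = $LogName
        Status       = 'OK'
        # Level values: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information,
        # 0 = LogAlways (used by Security audit entries)
        Error        = @($events | Where-Object { $_.Level -in 1, 2 }).Count
        Warning      = @($events | Where-Object { $_.Level -eq 3 }).Count
        Information  = @($events | Where-Object { $_.Level -in 0, 4 }).Count
        AuditFailure = @($events | Where-Object { $_.Keywords -band $auditFailure }).Count
    }
}

$logs | ForEach-Object { Get-LogSummary -LogName $_ -Since $since } |
    Format-Table -AutoSize
```

A non-zero Error, Warning or AuditFailure count tells you which log to open in Event Viewer first.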