Understanding Event Logs

Written by Barry Dysert (last updated March 16, 2020)

Event logs are like system files to which certain information is written by programs that have no other means of output. For example, a Windows service runs without a user interface, so when the service wants to output a message it does so by writing to an event log. You run the Event Viewer in order to see what all has been written to the event logs over time.

The four most common event logs are Application, Security, Setup, and System, although there are many others. And you can create custom views of the logs so that you can easily pinpoint exactly the information you're looking for. For example, there is an event log called Microsoft | Windows | Diagnostics-Performance | Operational. This log contains information about boot-up performance. If you want a quick way to view what events are causing your system to boot more slowly than you'd like, you can create a custom view (or a filter) to look at that log and only display the "101" events (each type of event has an event ID, and event ID 101 is for slow application startups).

In addition to viewing events in real time, you can create files on disk that contain the event information. Then, you can view those saved logs at a later time.

Event logs are good resources for system administrators, and they're also good for programmers. You may write a Windows service that has no user interface, but you want to capture some important information that it provides. One way to do this is to have the service write to an event log.

Another thing you can do with event logs is to attach a task to a log or even a particular event so that when that log is written to (or that event fires), your task can be activated.

 This tip (11564) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...

MORE FROM BARRY

Creating a Desktop Shortcut for a Favorite Web Page

If you visit a certain Web page frequently, you may wish to create a desktop shortcut to take you there. This tip tells ...

Discover More

Ripping Songs from Audio CDs

Ripping songs from audio CDs is fairly simple, but the actual process varies from application to application.

Discover More

Process Explorer

Process Explorer is a very well built utility that does a lot, from helping you with performance analysis to finding the ...

Discover More
More WindowsTips

Adjusting the Size of an Event Log

Event logs are used to store information about what goes on, behind the scenes, on your system. Whether you want to ...

Discover More

What is the Purpose of the Forwarded Events Event Log?

The Forwarded Events event log collects events that have been forwarded from other computers. In this way you can login ...

Discover More

Using the Event Viewer to Examine Remote Event Logs

Assuming you have proper access to remote computers, you can examine their event logs from your system without much ...

Discover More
Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is 8 + 1?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)


Newest Tips