Understanding Event Logs

Written by Barry Dysert (last updated March 16, 2020)

Event logs are like system files to which certain information is written by programs that have no other means of output. For example, a Windows service runs without a user interface, so when the service wants to output a message it does so by writing to an event log. You run the Event Viewer in order to see what all has been written to the event logs over time.

The four most common event logs are Application, Security, Setup, and System, although there are many others. And you can create custom views of the logs so that you can easily pinpoint exactly the information you're looking for. For example, there is an event log called Microsoft | Windows | Diagnostics-Performance | Operational. This log contains information about boot-up performance. If you want a quick way to view what events are causing your system to boot more slowly than you'd like, you can create a custom view (or a filter) to look at that log and only display the "101" events (each type of event has an event ID, and event ID 101 is for slow application startups).

In addition to viewing events in real time, you can create files on disk that contain the event information. Then, you can view those saved logs at a later time.

Event logs are good resources for system administrators, and they're also good for programmers. You may write a Windows service that has no user interface, but you want to capture some important information that it provides. One way to do this is to have the service write to an event log.

Another thing you can do with event logs is to attach a task to a log or even a particular event so that when that log is written to (or that event fires), your task can be activated.

 This tip (11564) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...

MORE FROM BARRY

Enabling Libraries in File Explorer

Windows 7 introduced us to libraries, but they're turned off in Windows 10. Here's how to get them back.

Discover More

Creating a System Restore Point

System restore points are created automatically at strategic times in the operation of your computer. You can also ...

Discover More

What is Bluetooth?

Bluetooth is a popular technology that frees you from dealing with wires and cables, and it makes you a bit more mobile. ...

Discover More
More WindowsTips

What is the Purpose of the Security Event Log?

The Security event log captures success and failure audit events when auditing is turned on. This tip explains a bit more ...

Discover More

Viewing Event Logs

Event logs are automatically maintained by the operating system. By periodically viewing them, you'll have a better idea ...

Discover More

Changing How Event Log Overruns are Handled

By default, the event logs are implemented in a circular buffer, i.e., when its maximum size is reached, the oldest ...

Discover More
Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is 6 - 0?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)

Newest Tips
Links and Sharing
OUR COMPANY
OUR PRODUCTS
OUR SITES
 

Copyright © 2024 Sharon Parq Associates, Inc.