Windows event logs are viewed with a system program called the Event Viewer. The easiest way to start the Event Viewer is to use the searching capabilities of Windows, looking for "Event Viewer" (without the quote marks). Once the program is started, you are greeted by the initial screen. (See Figure 1.)
Figure 1. The Event Viewer's initial window.
The bulk of the screen (the information in the center) presents a summarization of various elements of the event logs. You can drill down on any of these for additional information. Most of the time, though, you'll probably want to go directly to a specific log, in which case you need to expand the "Windows Logs" node near the upper left of the screen. This expansion reveals five major event logs: Application, Security, Setup, System, and Forwarded Events. Click on one of these names to get to the events themselves. For instance, if I click the Application log, I can see all the events contained within that log file. (See Figure 2.)
Figure 2. Viewing the Application log.
When viewing an event log, the Event Viewer screen is divided into four panes. The vertical pane on the left is the navigator pane that allows you to expand and collapse the trees that house the different event logs. The top-center pane lists the events for the selected log. (By default, the events are listed in reverse chronological order so that the most recent events appear at the top.) The bottom-center pane is the preview pane, which can be closed in order to make more room for the events themselves. If open, though, it provides details on the event selected in the upper-center pane. The vertical pane on the right is the action pane, which allows you to perform various actions on the event log or the particular event that is selected.
To view more information about an event, click the event in the upper-center pane. Its details will appear in the preview pane. You can also apply a filter to the events you see, to focus only on the ones that you're currently interested in. For example, you may only want to see "Critical" or "Error" events, or only certain Event IDs. There are many filters you can apply. Just click the "Filter Current Log" link in the Actions pane and create your filter.
It's also possible to save part or all of an event log to disk for historical reasons or in case you want to review it later. To do this, click the "Save Events As" link in the Action pane and you'll be prompted to enter a filename where you want the events to be stored. You can then view this log later just as you would view any of the real-time logs.
The event viewer is a powerful resource that can help a system administrator keep the system in good working order. It can even help programmers who need to record information from their non-GUI programs. Spending the time to get acquainted with the event viewer is time well spent.
This tip (11565) applies to Windows 7, 8, and 10.
Assuming you have proper access to remote computers, you can examine their event logs from your system without much ...
Discover MoreManaging a computer system can often involve a good deal of detective work. This tip looks at how you can use your ...
Discover MoreCreating a custom view in the Event Viewer allows you quick access to those events you're interested in watching over ...
Discover MoreThere are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)
Copyright © 2025 Sharon Parq Associates, Inc.
Comments