Windows Event Viewer
- Date: 2007-05-21
- Subject: Windows Event Viewer
- Duration: 21:52
- Format: MP3
- Size: 8,968 kb
- My Comments
- Ubuntu experience
- How It Works
- How to View Event Logs
- How to Interpret an Event
Troubleshooting Windows can sometimes be easy and other times very complicated. Trying to figure out what the exact problem is can be very frustrating. I have previously covered some basics on troubleshooting and suggest that you review that podcast. One nice thing to note is that Windows provides something called an event log. An event is any significant occurrence in the operating system or in a program that requires the user to be notified or an entry to be added to the event log. The Event Log Service is designed to record application, security, and system events, which you then read in the Event Viewer.
Windows Vista has a more advanced Event Viewer. It has been rewritten to focus more on the event itself and on tracing what caused it, toward resolution. It is designed more to help those in enterprise roles determine where problems are coming from.
~~ How It Works
From within the Event Viewer, you can gather information about all hardware, software, and system components, as well as monitor security events on a computer. These event logs help you identify and diagnose current system problems or the event you are researching. You can also use these logs to look for potential system problems that might start in the future.
The Event Viewer has three primary log types that it monitors.
- Application Log: This log contains all events that are logged by programs. For example, a database program that hits an error with a file records that event in the application log. Application developers are primarily the ones who make sure their software writes events to the Application Log. Unfortunately, not all applications are programmed to write logs.
- Security Log: This log contains all events that are related to security and access. These include valid or invalid logon attempts, events related to resource use (creating, opening, or deleting files), and other auditing events. For example, when a user logs into the system with their user name but the wrong password, the event is logged as an invalid access attempt. Only members of the Administrators group are able to turn on, use, and specify which events are recorded in the security log.
- System Log: This log contains all events that are related to Windows system components. An example might be if a driver fails to load during startup then an event will be recorded in the system log stating why it failed.
~~ How to View Event Logs
To open Event Viewer, follow these steps:
- Click Start
- Click Control Panel
- Click Performance and Maintenance
- Click Administrative Tools
- Click Computer Management
- In the console tree, click Event Viewer
- The Application, Security, and System logs will show
~~ How to Interpret an Event
Each log entry is classified by type and contains header information and a description of the event. The event header contains the following information about the event:
- Date: The date the event occurred.
- Time: The time the event occurred.
- User: The user name of the user that was logged on when the event occurred.
- Computer: The name of the computer where the event occurred.
- Event ID: An event number that identifies the event type and helps understand what occurred in the system.
- Source: The source of the event. This can be the name of a program, a system component, or an individual component of a large program.
- Type: The type of event. This can be one of the following five types: Error, Warning, Information, Success Audit, or Failure Audit.
- Category: A classification of the event by the event source. This is primarily used in the security log.
- Event Types: The description of each event that is logged depends on the type of event. Each event in a log can be classified into one of the following types:
-- Information - An event that describes the successful operation of a task, such as an application, driver, or service. For example, an Information event is logged when a network driver loads successfully.
-- Warning - An event that is not necessarily significant but may indicate the possible occurrence of a future problem. For example, a Warning message is logged when disk space starts to run low.
-- Error - An event that describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality. For example, an Error event is logged if a service fails to load during startup.
-- Success Audit (Security log) - An event that describes the successful completion of an audited security event. For example, a Success Audit event is logged when a user logs on to the computer.
-- Failure Audit (Security log) - An event that describes an audited security event that did not complete successfully. For example, a Failure Audit may be logged when a user cannot access a network drive.
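
The header fields and event types above can be checked mechanically once a log has been exported to text. The following Python is an added example, not part of the original show notes: it validates each row against the five event types and reports users with repeated Failure Audit events. The CSV column layout, the sample rows and every value in them (event IDs, sources, user and computer names) are constructed for illustration.

```python
import csv
import io
from collections import Counter

# The five event types named in the article.
EVENT_TYPES = {"Error", "Warning", "Information", "Success Audit", "Failure Audit"}
# Header fields from the article, used here as assumed CSV column names.
FIELDS = ["Date", "Time", "User", "Computer", "Event ID", "Source", "Type", "Category"]

# Constructed sample export; every value, including the event IDs, is made up.
SAMPLE = """\
Date,Time,User,Computer,Event ID,Source,Type,Category
2007-05-21,08:01:12,N/A,PC01,1001,NetDriver,Information,None
2007-05-21,08:01:30,N/A,PC01,1002,ServiceManager,Error,None
2007-05-21,08:05:02,alice,PC01,2001,Security,Success Audit,Logon
2007-05-21,09:14:40,bob,PC01,2002,Security,Failure Audit,Logon
2007-05-21,09:14:44,bob,PC01,2002,Security,Failure Audit,Logon
2007-05-21,09:14:49,bob,PC01,2002,Security,Failure Audit,Logon
2007-05-21,09:30:00,alice,PC01,2002,Security,Failure Audit,Logon
2007-05-21,10:00:00,N/A,PC01,1003,DiskMonitor,Warning
2007-05-21,10:02:00,N/A,PC01,1004,Mystery,Critical,None
"""

def parse_events(text):
    """Return (events, rejected): rows with every header field and a known Type,
    and the line numbers of rows that are incomplete or carry an unknown Type."""
    events, rejected = [], []
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        complete = all(row.get(f) not in (None, "") for f in FIELDS)
        if complete and row["Type"] in EVENT_TYPES:
            events.append(row)
        else:
            rejected.append(reader.line_num)  # keep bad rows visible for review
    return events, rejected

def count_by_type(events):
    """Number of events per event type."""
    return Counter(e["Type"] for e in events)

def repeated_failures(events, threshold=3):
    """Users with at least `threshold` Failure Audit events, with their counts."""
    fails = Counter(e["User"] for e in events if e["Type"] == "Failure Audit")
    return {user: n for user, n in fails.items() if n >= threshold}

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE)
    print(dict(count_by_type(events)), "rejected lines:", rejected)
    print("repeated failures:", repeated_failures(events))
```

Rows that fail validation are returned by line number rather than dropped silently, so a truncated or malformed export is noticed instead of skewing the counts.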