SEARCH

How-To Geek

HTG Explains: What The Windows Event Viewer Is and How You Can Use It

image

The Windows Event Viewer shows a log of application and system messages – errors, information messages, and warnings. Scammers have used the Event Viewer to deceive people – event a properly functioning system will have error messages here.

In one infamous scam, a person claiming to be from Microsoft phones someone up and instructs them to open the Event Viewer. The person is sure to see error messages here, and the scammer will ask for the person’s credit card number to fix them.

As a rule of thumb, you can generally ignore all of the errors and warnings that appear in the Event Viewer – assuming your computer is working properly.

Launching the Event Viewer

To launch the Event Viewer, just type Event Viewer into your Start menu and press Enter. You can also launch the Event Viewer from the Administrative Tools folder.

image

Events are placed in different categories. For example, the Application log contains a log of application events and the System log contains a log of Windows system events.

image

Don’t Panic!

You’re sure to see some errors and warnings in the Event Viewer, even if your computer is working fine.

The Event Viewer is designed to help system administrators keep tabs on their computers and troubleshoot problems. If there isn’t a problem with your computer, the errors in here are unlikely to be important. For example, you’ll often see errors that indicate a program crashed at a specific time, which may have been weeks ago.

image

Even warnings are often unimportant to the average user. If you’re trying to troubleshoot a problem with your server, these warnings may be helpful. If you’re not, they’re not particularly useful.

image

In theory, other applications are also supposed to log events to these logs. However, many applications don’t offer very useful event information.

Uses for the Event Viewer

At this point, you’re probably wondering why you should care about the Event Viewer. The Event Viewer can actually be helpful if you’re having a problem with your computer – for example, if your computer is blue-screening or randomly rebooting, the Event Viewer may provide more information about the cause. For example, an error event in the System log section may inform you which hardware driver crashed, which can help you pin down a buggy driver or a faulty hardware component. Just look for the error message associated with the time your computer froze or restarted – an error message about a computer freeze will be marked Critical.

You can also look up specific event IDs online – if you’re having a problem, they may help you find more information.

image

There are other cool uses for the Event Viewer, too. For example, Windows keeps track of your computer’s boot time and logs it to an event, so you can use the Event Viewer to find your PC’s exact boot time. If you’re running a server or other computer that should rarely shut down, you can enable shutdown event tracking – whenever someone shuts down or restarts the computer, they’ll have to provide a reason. You can view each shut down or system restart and its reason in the Event Viewer.

You can also use the Event Viewer in combination with the Task Scheduler – right-click any event and select Attach Task to This Event to associate a task with the event. Whenever the event occurs, you can have Windows automatically perform an action in response.

image

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 09/5/12

Comments (12)

  1. sef21

    Event Viewer is a necessary investigative tool. Unfortunately, it doesn’t troubleshoot problems most associated with certain hardware (ie: printer) connection over a shared resource.

  2. r

    It’s one of the first admin tools I use to verify problem causes when troubleshooting…& yes, it is quite useless at solving things like printer/plotter problems

  3. Svend

    Is it possible to completely stop logging all or some of this information, which “normal user” can´t use anyway?

  4. Desmond

    Hi,
    Can I use the Event Viewer to find out wny my Windows Mail is so slow at downloading messages.
    Cheers.
    DSW/

  5. harvey

    Slightly more useful for the non-techie is the Reliability Monitor available via the search box in Start. That does offer solutions to problems.

  6. r

    @Svend: you can disable the event logging service, but the default size of each log is 512KB & is set to overwrite the events that are older than 7 days. So, there really is little point.

  7. erik

    hi can I use the event viewer to find out wny my windows mail is so slow at downloading

  8. Dic

    @harvey: Yes, Reliability Monitor does look more interesting for the non-techie, but this report still baffled me:

    Driver Management concluded the process to install driver NULL Driver for Device Instance ID ACPI\NSC1200\5&36063AE3&0 with the following status: 0xe0000203.

  9. r

    @ Dic: try unplugging all your USB devices one at a time until the error message is gone. If nothing then try Device Manager under Universal Serial Bus Controllers (usb device), or Human Interface Devices to identify the problem usb port or device.

  10. Dic

    @r

    Ahh, so it was to do with USB. Well, the problem was historical, and must have somehow fixed itself, for all is well now. In fact, I don’t remember having the problem.

    But thanks, anyway, r; good of you to respond. I’ll store that one away for reference.

  11. r

    @Dic: yes, this may correct itself on reboot. The system tried to identify some usb port that had previously been used (this shows up in Disk Mgt. as an existing drive letter). A common cause of this is when one doesn’t “safely” remove a usb device, the system still thinks the port is active….. I’m often a victim of this on certain computers…cheers !

  12. p

    You fail to mention how much space is used to maintain these events / logs. Most events can be cleared out but some can not! That leads me to think that, like the registry, things have a potential to grow out of control.

Enter Your Email Here to Get Access for Free:

Go check your email!