What Is the Windows Event Viewer, and How Can I Use It?

The Windows Event Viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems.

Note that even a properly functioning system will show various warnings and errors in the logs you can comb through with Event Viewer. Scammers even use this fact on occasion to deceive people into believing their system has a problem only the scammer can fix. In one infamous scam, a person claiming to be from Microsoft phones someone up and instructs them to open the Event Viewer. The person is sure to see error messages here, and the scammer will ask for the person’s credit card number to fix them.

As a rule of thumb, assuming your PC is working properly, you can pretty much ignore the errors and warnings that appear in the Event Viewer. That said, it’s worth having a basic working knowledge of the tool, and knowing when it can be useful to you.

Launching the Event Viewer

To launch the Event Viewer, just hit Start, type “Event Viewer” into the search box, and then click the result.

Events are placed in different categories, each of which is related to a log that Windows keeps on events regarding that category. While there are a lot of categories, the vast amount of troubleshooting you might want to do pertains to three of them:

  • Application: The Application log records events related to Windows system components, such as drivers and built-in interface elements.
  • System: The System log records events related to programs installed on the system.
  • Security: When security logging is enabled (it’s off by default in Windows), this log records events related to security, such as logon attempts and resource access.

Don’t Panic!

You’re sure to see some errors and warnings in Event Viewer, even if your computer is working fine.

The Event Viewer is designed to help system administrators keep tabs on their computers and troubleshoot problems. If there isn’t a problem with your computer, the errors in here are unlikely to be important. For example, you’ll often see errors that indicate a program crashed at a specific time—which may have been weeks ago—or that a service failed to start with Windows, but was likely started on a subsequent attempt.

In the image below, for example, you can see that an error was generated when the Steam Client Service failed to start in a timely fashion. However, we’ve had no problems with the Steam client on the test computer, so it’s likely a one-time error that corrected itself on a subsequent launch.

In theory, other applications are also supposed to log events to these logs. However, many applications don’t offer very useful event information.

Uses for the Event Viewer

At this point, you’re probably wondering why you should care about Event Viewer, but it actually can be helpful if you’re troubleshooting a specific problem. For example, if your computer is blue-screening or randomly restarting, Event Viewer may provide more information about the cause. For example, an error event in the System log section may inform you which hardware driver crashed, which can help you pin down a buggy driver or a faulty hardware component. Just look for the error message associated with the time your computer froze or restarted—an error message about a computer freeze will be marked as Critical.

You can also look up specific event IDs online, which can help locate information specific to the error you’re encountering. Just double-click the error in Event Viewer to open its property window and look for the “Event ID” entry.

There are other cool uses for the Event Viewer, too. For example, Windows keeps track of your computer’s boot time and logs it to an event, so you can use the Event Viewer to find your PC’s exact boot time. If you’re running a server or other computer that should rarely shut down, you can enable shutdown event tracking. Whenever someone shuts down or restarts the computer, they’ll have to provide a reason. You can view each shut down or system restart and its reason in the Event Viewer.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Twitter.