🔭 Want to centralize and monitor your application logs?
Head over to Logtail and start ingesting your logs in 5 minutes.
Logs are constantly recording what is going on on your computer. They can provide help in tracking what happens with your machine or with troubleshooting. Logs are kept about both actions by a person or by a running process.
In Windows, logs that are saved contain information about applications and the operating system itself. Moreover, these logs are structured and human-readable. For viewing the logs, Windows uses its Windows Event Viewer. This application displays the event logs and allows the user to search, filter, export, and analyze background info. In this article, you will learn how to use the features provided with this program. In addition, this article will also explore the Event Viewer's interface and features. Finally, you will also learn about other application that has their own event viewer built-in, and we will talk about creating your own repeating tasks.
Head over to Logtail and start ingesting your logs in 5 minutes.
Event viewer is a standard component and can be accessed in several ways. The
easiest way is to type
event viewer to the start menu. If you prefer using
command prompt, you can access it by running the
Event viewer is also accessible through the control panels. Open the control panels and list them all by viewing them like small or large icons. After that, select the Administrative Tools and find Event Viewer in the folder.
The application is user-friendly and provides an intuitive interface. The main screen is divided into three column sections:
You can also create your own section. We will explain how to do that later in the tutorial.
The navigation page, which is by default positioned on the very left, provides you with an option to choose the event log to view. Five categories can be found under Windows logs:
There is also a category for Applications and Services Logs, which contains logs of the individual applications and Hardware Events. Logs from PowerShell and other command lines will also be stored there.
When in the default tab, this page displays the Overview and Summary. Select some item from the previously mentioned navigation page to see more details. There are several log levels:
You can also see Audit successes and failures, which are associated with security events.
Events are listed chronologically, starting with the latest event on the very top. You can furthermore click on the columns to edit the order and groupings.
You can click on the event to view more detailed information:
The following popup window also has two tabs, General and Details. The first tab shows more information about the error as described above. The second tab shows the raw event data. You can switch between Friendly View and XML View.
The last page located by default on the right side is the Actions page, which provides you quick access to the features available to you at the moment. This page is divided into two parts, the first containing actions available for the selected Navigation page. The second contains actions available to the selected event itself.
Various options are available:
Allows you to set criteria for events to be displayed on the Details page.
You can choose this option if the list becomes too large. This will delete all events stored in the current log. You can check the total number of events by going to the top directory in the navigation page:
You can click on the
Save All Events Asor
Save All Events in Custom View As
to export all of the selected events into the special event file with the
Event Viewer gives you the option to create a custom view. To do so, select the Custom Views folder on the Navigation page and click Create Custom View on the Actions page. You can, for example, create a custom view for all Windows Azure events with log level error that occurred in the last 12 hours:
You can also export your Custom View. Select it in the Navigation Page and find
an option called
Export Custom View on the Actions Page. Enter the name for
.XML file you are about to create, and it is done.
You can import the custom view to any other Event Viewer by selecting the option
Import Custom View.
The summary view is the first thing you will come in contact with when opening the Event Viewer. It is at the top of the Navigation panel.
There are other logs with their event logging:
If you run Windows Server that is provisioned as a DNS server, the DNS manager is available. This manager has its list of events. From there, the DNS manager's event viewer works in a similar fashion as the one packed with Windows.
The Internet Information Services logs include info about requested URIs and statuses. These logs are written in the location specified in the IIS Manager. By default, the location is:
Task scheduler schedules many sorts of background tasks and applications. The Task Scheduler Library is associated with it, and you can view it directly from the application:
In the section underneath, you can see all the active tasks that are currently enabled and have not expired. Then, by double-clicking on the summary info about the task, which includes the task name, next run time, triggers, and location, you can again view more information.
Using this feature, you can display details about every single task and modify it accordingly. The action page also slightly changes, and a new section for the selected item is viewed. You can run, end, disable, delete or export information about the task at your will.
From the action panel, you can also create your own task by selecting the option
Create Basic Task... or adding an existing one with
Import Task... After
clicking the first opinion, you are presented with a task creator wizard to add
name, description, triggers, action, and finish statement to your custom task.
This is a practical built-in application when running your Windows Server. This service allows servers to work as a cluster. When one server's hardware fails, it is automatically detected and replaced by the other server. All network is then re-routed to the working instance.
This application also has its local Event Viewer. Using this event viewer, you can discover more in the events of your clusters failing or not working as expected.
Another application is Windows Component Service Manager. It enables us to configure DCOM applications on Windows. You can view its logs by clicking on the local Event Viewer:
Windows and applications installed or associated with the operating system keep records of various events. Understanding and finding these events can help you if you are a system administrator, running your Windows server, or even just a regular user.
Now you should know how to explore and use different methods to use these logs to your advantage. In addition, you now know how to use the task scheduler and create your own repeating tasks using it.