In our recent posts, we have talked about many hidden features of Windows 10 which includes Event Viewer also. As promised earlier that we will bring you the basics of the Event Viewer, so we are here in this topic to stand on the promise. Back to the topic, Event Viewer is an application which is a storehouse of all the log files of Windows 10. From the time you switch on your computer, Windows go on tracing the things that it does and at the same time saves the log files which supplies you a good amount of information about the things going on your computer. So, with Event Viewer you can view all the logs and see which one is working properly and which one is facing problem.
After providing a brief introduction about the Event Viewer, we will find the ways of accessing it and also will see how it works in Windows 10. In the later sections of this article, we will explain to you the basic details of Event Viewer.
In nut and shell, you will read here On Windows 10, How to Access Event Viewer (2 directions) and Watch Windows Logs comprising Setup, System, Security, Application as well as Forward Events logs.
How to Access Event Viewer in Windows 10
We bring you two directions following any of which you can open the Event Viewer. Let us see them.
Just like the way you find other administrative tools from Control Panel, this can also be accessed from there. Go to the Control Panel and choose to click on the Administrative Tools icon.
You above action will open up a new window of the Administrative Tools where you will see the Event Viewer.
Use the Cortana Search box of the Start Menu and type event logs and make a search for it. In the results list, you will see View event logs on the top. Double-click on it to open.
Thus, Event Viewer window opens up. It will take few seconds of time to appear the things entirely on Event Viewer.
First Look of the Event Viewer in Windows 10
After a few seconds, the things will come up on the Event Viewer. If seen carefully, you will see three different segments in the Event Viewer window. The far left column of the Event Viewer has the logs which when clicked will show its details in the middle area. If you select the Event Viewer (Local) on the left column, the center area represents the Overview and Summary. And the far right column is the Actions column. The actions column provides actions like create the custom view, import the custom view, etc.
In this following section, we will talk about the Windows log, how you can see it. There are many more options in the Event Viewer for the advanced users which will be carried out in our next articles.
A Glance at the Logs
As said earlier that we will discuss the Windows login this section so all you need to do is perform a click on the Windows log which you will see in the far left column of the Event Viewer window. Your click will expand it and the Windows Logs comprise Application, Security, Setup, System and Forward Events logs.
We will discuss all the logs of the Windows Logs except the Forwarded Events as it is a very advanced topic and it itself will make a huge article. Now, to see the other logs, the administrator’s authority is needed, especially the standard users cannot view the Security log but if they perform a right-click on it and choose to Run As Administrator, they can see it.
Before we proceed with the details, we request you to open the Event Viewer window on a full screen so that you can see all the things displayed on it clearly. Click the Applications log and you see a huge list of information on the center area of the Event Viewer window. As Windows saves all the information about the things, so the Applications log information is categorized in three ways: Information, Error, and Warning.
The Warning messages are not as serious as they seem to be. They appear in cases like if you are running short of space on your flash drive or some applications are not working properly as they have received some wrong parameters. And the Error messages pops up for serious situations. If some programs fail to perform correctly, they are termed as Error. Even if a device driver fails to load properly you will see the Error message.
You will see that many of the log items are categorized as Information. It says that Windows or application (s) is correctly performing its allotted work or even if it encounters any minor problem (which does not mean an error) and as it is not the cause of the real problems. The upper portion of the center area is again having two segments. The upper segment displays the list of log items and the lower segment exhibits you the explanation of the particular selected log. The explanations displayed of the selected log are more often seems to be confusing. If you see any error messages, nothing to panic as most of the times they do not mean anything serious.
On the right column, which is of Actions, you will see the list of actions in its lower segment that you can carry out for the selected log.
Operation of the Right Column
The right column of the Event Viewer is of Actions and the information that you see there is similar to all the Windows logs. To learn more about the right column, you need to select an event first. Now, take a look at the lower portion of the Actions segment. You will notice a duplicate name of the selected event and then a list of actions like event properties, attach task to this event, copy, save selected events, and refresh. We will see what can be done with these actions. Only attach task to this event will not be described as it holds more advanced things to deal with.
Make a click on the Event Properties and a new window of Event Properties will pop up with the details displayed on it. You will see the same things are displayed here that you will see at the lower segment. Well, there are lots of things that can be done with the Event properties. If you wish to see more of the error, click on the Event Log Online Help link and Microsoft will guide you with their experts. To see it for you can copy the error message and see what it means by pasting it on your search engine. You can use different search engines to see what they answer you about the error.
Now, in the Event Properties window, you will see two options: Copy and Close. Coming to the Copy, you just cannot copy the error message of the selected event, but you can copy the entire section of the error log. If you are taking any technical support, the concerned person might ask you for the error message. This is the superb way to send him the error transcript of the log. Copy it and paste it into your text editor and send him the document. This is how it looks when you paste it the Notepad.
Getting to the next action Copy, you have again two options: Copy Table and Copy Details as Text. The Copy Table will take a copy of the one-line error message which is exhibited in the upper segment. And the Copy Details as Text is same as the Copy option of Event Properties window.
The Save Selected Event will save your event in your Documents folder. When you make a click on Save Selected Event, a window will open up with your Documents folder. You can change the location and save it in your preferred location. The event will be saved as .evtx extension. Now, when you double hit on it, it will make the Event Viewer arrive on your screen.
In Windows 10, the display does not refresh it on its own. You need to click on the Refresh button which you will find on the bottom of the Actions column.
On the left column select the Security logs to see its details on the center. The center area of the Security log will provide you a list of messages and in most of the messages, you will see Audit Success marked with it. The security audit is done each time you sign in and also each time you create it, modify it, or even remove it. Unauthorized access to the resources will also be logged with an Audit Fail labeled to it. The system integrity is also scanned by it. To view the labels of each and every event maximize the window or increase the column width to view it clearly.
A new log is created in the Setup logs section whenever you put up a new program, or each time you update your Windows. You will see numerous entries of each Windows Update item. Take a look at the columns and you will find one with a heading as Event ID. Each event is labeled an Event ID number ranging from 1 to 4. All the IDs relate different information.
Event ID 1: Windows is working on the installing of something that has been asked to do it.
Event ID 2: Installation has been carried out successfully.
Event ID 3: The software failed to carry out the installation after attempting.
Event ID 4: A reboot has to be done before the computer finished the installation process.
The System log is for system messages produced by the software that is installed like device drivers and by Windows 10. The Warning labels are stored here if they fail to load properly. Here also you will find Event IDs associated with each event but going in its details will not provide any such information.
We came to the end of this article and we have mentioned all the logs that come under the Windows logs. Event Viewer is mainly put into use by the advanced users but the standard users can also retrieve some useful information from here. Very soon we will come up with an article where we will cover the advanced options of the Event Viewer. Give an attempt to it and see how much useful information you can gather from here. Also, let us inform how it worked for you. If you are holding some extra information on it, please share with us in the comments below.